3

I am running a Geoserver instance in Tomcat and want to know if it is possible to use Windows Authentication (Keberos) to authenticate users in Geoserver.

My idea is to setup Geoserver to use an Active Directory to find users and then let the client send a token like "Negotiate dxs24sdsedsx!dwwe" (Kerberos) to Geoserver.

Is it possible for Geoserver to authenticate that kind of header?

whyzar
  • 12,053
  • 23
  • 38
  • 72
Tobias Johansson
  • 41
  • 4

1 Answers1

2

As far as I'm aware, yes this is possible. According to this post How to secure WFS services?

The refer to - General HTTP request rules

The use of HTTPS does not affect the description of the requests and responses described in this specification but may require additional actions to be taken on both the client and the service in order to initiate the secure communication.

As well as,

... a web service that acts as a mediator between the WFS and the user. This web service will manage the user access to WFS layers and perform the necessary cross checks with an Active Domain or Kerberos Authentication access control. This service will pass through to the WFS server those requests that are authenticated and permitted. This is a Marshaling web service

whyzar
  • 12,053
  • 23
  • 38
  • 72
  • Thanks for your reply, i forgot to mention that everything is served over HTTP and the problem is how to set up Geoserver to read the Kerberos header which is sent from IIS (ARR and URL-rewrite for Tomcat), im not sure i understand the proxything. – Tobias Johansson Oct 09 '17 at 18:49