WMTS authentication problem
27 views
Skip to first unread message
Assigned to tobia....@geosolutionsgroup.com by me
Magnus Nilsson
Mar 4, 2026, 6:51:00 AM (5 days ago) Mar 4
to mapstore-users
Hi
I noticed in MapStore 2025.02.02 that it now supports authentication when connecting to WMS/WMTS servers. I often use the product "Topografisk webbkarta Visning" from Lantmäteriet, Sweden, https://geotorget.lantmateriet.se/dokumentation/GEODOK/69/latest.html. I use https://maps.lantmateriet.se/topowebb/wms/v1?request=GetCapabilities&version=1.1.1&service=wms and add it as a background map. It works just fine when logged in as an admin. However, when a guest user tries to access the map, MapStore asks for the Lantmäteriet authentication details again. What is the point of that? I don´t want to expose those details to the general public. I ´can´t find any documentation on this at https://mapstore2.readthedocs.io/en/latest/user-guide/catalog/#wmswmts-catalog. It seems like a bug to me, though not reported at https://github.com/geosolutions-it/MapStore2/issues. Am I missing something?
Magnus
Tobia Di Pisa
Mar 4, 2026, 11:51:32 AM (5 days ago) Mar 4
to mapstor...@googlegroups.com
Dear Magnus,
Thank you for your feedback.
What you are experiencing is the intended behavior of the new Basic Authentication support in MapStore, rather than a bug. This feature is designed to allow individual users to access OGC services protected by Basic Auth using their own personal credentials.
For security reasons, MapStore does not store these credentials on the server side to "relay" them to other users. Instead, they are persisted only in the browser's session storage of the person who types them.
This means that:
Regarding the Basic Auth one, we are currently working on improving the documentation here to make these architectural details and use cases clearer.
Best Regards,
Thank you for your feedback.
What you are experiencing is the intended behavior of the new Basic Authentication support in MapStore, rather than a bug. This feature is designed to allow individual users to access OGC services protected by Basic Auth using their own personal credentials.
For security reasons, MapStore does not store these credentials on the server side to "relay" them to other users. Instead, they are persisted only in the browser's session storage of the person who types them.
This means that:
- Admin credentials are safe: your user details are never exposed to guest users.
- Guest access: If a guest user accesses the map, MapStore recognizes the source is protected and asks for credentials because that specific browser session doesn't have any stored.
Regarding the Basic Auth one, we are currently working on improving the documentation here to make these architectural details and use cases clearer.
Best Regards,
Tobia Di Pisa
--
You received this message because you are subscribed to the Google Groups "mapstore-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mapstore-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/mapstore-users/a9634144-06ef-4d78-8d0c-82e5574c5813n%40googlegroups.com.
==
GeoServer Professional Services from the experts!
Visit http://bit.ly/gs-services-us for more information.
==
Dott. Ing. Tobia Di Pisa
Technical Lead / Project Manager
GeoSolutions Group
phone: +39 0584 962313
mobile: +39 340 1781783
fax: +39 0584 1660272
https://www.geosolutionsgroup.com/
http://twitter.com/geosolutions_it
-------------------------------------------------------
Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.
Magnus Nilsson
Mar 5, 2026, 10:21:46 AM (4 days ago) Mar 5
to mapstore-users
Hi
Thanks for clarifying that, I thought it was a bug. Yes, I solved the access using GeoServer instead.
Magnus
Reply all
Reply to author
Forward
0 new messages