Firewall and ERDDAP Authentication


Samantha Ouertani - NOAA Affiliate

Feb 7, 2025, 6:56:16 PM
to ERDDAP
Hi All,

I'm looking for any advice from those familiar with ERDDAPs hosted on a firewall-protected server. Additionally, if you have experience implementing the authorization and authentication features of ERDDAP, that would be great. 

Please see our ERDDAP instance here. You'll notice in the top right corner that we have the "log in" feature enabled, specifically the oauth2 protocol. When I attempt to log in through Google, I'm redirected to the Google sign-in page and am able to click on my email and enter my password. However, after entering the password, I'm redirected back to the ERDDAP login.html page, but I am not logged in. Within the tomcat log.txt, I see the error: "Login failed: SocketException: Connection reset". 

If I try to log in through OrcID, a similar flow follows. I'm redirected to sign in and once I click "authorize access", I'm sent back to ERDDAP's login.html, and the message "ERROR: Login failed: SocketException: Connection reset" is displayed on the login.html page, as well as the Tomcat log.txt file. 

The firewall does not allow outbound connections unless specified. It doesn't make sense to me that I would need to allow the firewall to access the server that ERDDAP is already hosted on, but that is my leading theory. Can someone offer any clarification on the oauth2 process, and whether the problem lies with the redirection back to the ERDDAP login.html page? Is it even a true 302 redirection, or does it fall under a different process? Would this relate to outbound or inbound firewall rules?

I similarly dealt with the "SocketException: Connection reset" error in the past while trying to reference another ERDDAP's dataset on our ERDDAP. The error was resolved once the outbound connection to the hosting ERDDAP (not ours) was permitted.

Feel free to message me separately to discuss this topic further. 

Thank you very much for your time and help,
Sam