Samantha Ouertani - NOAA Affiliate <samantha...@noaa.gov>: Feb 07 03:56PM -0800
Hi All,
I'm looking for any advice from those familiar with ERDDAPs hosted on a
firewall-protected server. Additionally, if you have experience
implementing the authorization and authentication features of ERDDAP, that
would be great.
Please see our ERDDAP instance here
<https://erddap.aoml.noaa.gov/gdp/erddap/info/index.html?page=1&itemsPerPage=1000>.
You'll notice in the top right corner that we have the "log in" feature
enabled, specifically the oauth2 protocol. When I attempt to log in through
Google, I'm redirected to the Google sign-in page and am able to click on
my email and enter my password. However, after entering the password, I'm
redirected back to the ERDDAP login.html page, but I am not logged in.
Within the tomcat log.txt, I see the error: "Login failed: SocketException:
Connection reset".
If I try to log in through OrcID, a similar flow follows. I'm redirected to
sign in and once I click "authorize access", I'm sent back to ERDDAP's
login.html, and the message "ERROR: Login failed: SocketException:
Connection reset" is displayed on the login.html page, as well as the
Tomcat log.txt file.
The firewall does not allow outbound connections unless specified. It
doesn't make sense to me that I would need to allow the firewall to access
the server that ERDDAP is already hosted on, but that is my leading theory.
Can someone offer any clarification on the oauth2 process, and whether the
problem lies with the redirection back to the ERDDAP login.html page? Is it
even a true 302 redirection, or does it fall under a different process?
Would this relate to outbound or inbound firewall rules?
I similarly dealt with the "SocketException: Connection reset" error in the
past while trying to reference another ERDDAP's dataset on our ERDDAP. The
error was resolved once the outbound connection to the hosting ERDDAP (not
ours) was permitted.
Feel free to message me separately to discuss this topic further.
Thank you very much for your time and help,
Sam