Authentication / Privileges in MapStore


Michael Steigemann

May 4, 2020, 12:48:02 AM
to mapstore-developers
Good morning!

Over the weekend I have set up the MapStore2 users GeoServer integration with Authkey (https://mapstore.readthedocs.io/en/latest/developer-guide/integrations/users/geoserver/) successfully. The following two questions have occurred. I hope that anyone here can answer them:

1. New Role "VIEWER": I found out that it is possible to expose the FeatureEditor to the USER role by adding "USER" to "editingAllowedRoles": ["ADMIN"]. On GeoServer I have set up two Roles "VIEWER" and "EDITOR". When a "VIEWER" User edits data in MapStore2 he gets an error when saving a record (as the WFS-T is read only) for his role. Now my question: Is it possible to hide the "editing pencil" from the VIEWER-Users by adding a new role "VIEWER" to MapStore2? May this be possible with the "Application Context" tool that will be released in the upcoming version?

2. As my GeoServer Datasource is password protected I would like to implement a SSO into mapstore2 (in the normal clients and the embedded versions). As I see from the geostore documentation in https://github.com/geosolutions-it/geostore/wiki/Authentication-section this could be the case. Is there an existing example? I hope that it is possible to add some parameters, for example authenticationToken, in the JavaScript functions. To explain what I mean I created this dummy script:

<body onload="init()">
    <div id="container" class="ms2"></div>
    <script id="ms2-api" src="http://localhost:6451/mapstore/dist/ms2-api.js"></script>
    <script type="text/javascript">
        function init() {
            MapStore2.create('container', {
                originalUrl: "http://localhost:6451/mapstore/#/viewer/openlayers/12",
                authenticationToken: "myToken"
            });
        }
    </script>
</body>

Thanks for your feedback and have a nice day!

All the best,
Michael

Mauro Bartolomeoli

May 5, 2020, 3:53:12 AM
to mapstore-...@googlegroups.com
Hi Michael,


On Mon 4 May 2020 at 06:48 'Michael Steigemann' via mapstore-developers <mapstore-...@googlegroups.com> wrote:
Good morning!

Over the weekend I have set up the MapStore2 users GeoServer integration with Authkey (https://mapstore.readthedocs.io/en/latest/developer-guide/integrations/users/geoserver/) successfully. The following two questions have occurred. I hope that anyone here can answer them:

1. New Role "VIEWER": I found out that it is possible to expose the FeatureEditor to the USER role by adding "USER" to "editingAllowedRoles": ["ADMIN"]. On GeoServer I have set up two Roles "VIEWER" and "EDITOR". When a "VIEWER" User edits data in MapStore2 he gets an error when saving a record (as the WFS-T is read only) for his role. Now my question: Is it possible to hide the "editing pencil" from the VIEWER-Users by adding a new role "VIEWER" to MapStore2? May this be possible with the "Application Context" tool that will be released in the upcoming version?

Currently MapStore role support is very limited. In particular you cannot add new roles, only 3 are available: ADMIN, USER and GUEST (for the anonymous user). Also, roles that you set in GeoServer are not usable to allow / deny MapStore functionalities. Only the opposite works (you can use MapStore roles from GeoServer).
About 
 

2. As my GeoServer Datasource is password protected I would like to implement a SSO into mapstore2 (in the normal clients and the embedded versions). As I see from the geostore documentation in https://github.com/geosolutions-it/geostore/wiki/Authentication-section this could be the case. Is there an existing example? I hope that it is possible to add some parameters, for example authenticationToken, in the JavaScript functions. To explain what I mean I created this dummy script:

<body onload="init()">
    <div id="container" class="ms2"></div>
    <script id="ms2-api" src="http://localhost:6451/mapstore/dist/ms2-api.js"></script>
    <script type="text/javascript">
        function init() {
            MapStore2.create('container', {
                originalUrl: "http://localhost:6451/mapstore/#/viewer/openlayers/12",
                authenticationToken: "myToken"
            });
        }
    </script>
</body>

Thanks for your feedback and have a nice day!

Unfortunately there is no option to use an externally generated token in the MapStore API, but, since MapStore authentication uses localStorage, setting your user info before calling MapStore2.create should work.
MapStore expects a mapstore2.persist.security key in localStorage with the following content:

{
    "user": {
        "attribute": [{
            "name": "email",
            "value": "in...@geo-solutions.it"
        }, ...],
        "enabled": true,
        "groups": {
            "group": [...]
        },
        "id": 3,
        "name": "admin",
        "role": "ADMIN"
    },
    "errorCause": null,
    "token": "___PUT_YOUR_TOKEN_HERE___",
    "refresh_token": " ___PUT_YOUR_TOKEN_HERE___ ",
    "expires": 1588751171, // you can set expiration time, current time is new Date().getTime(), in milliseconds
    "authHeader": "Basic ___BASE64_USER:PASSWORD_FOR_GEOSTORE___", // this is only needed if you want to communicate with GeoStore using basic-auth, usually not needed with SSO
    "loginError": null
}
 
--

Regards,

Mauro Bartolomeoli

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Dott. Mauro Bartolomeoli
@mauro_bart
Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy

mobile: +39 393 904 1756
phone: +39 0584 962313
fax:      +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.

Michael Steigemann

May 6, 2020, 11:31:20 AM
to mapstore-developers
Hi Mauro!

Thank you very much for your answer. I have tested out your suggestion for my second question. I set the localStorage security information by JavaScript before creating the map container:

function init() {
    localStorage.setItem('mapstore2.persist.security', '{"user":{"enabled":true,"groups":{"group":{"enabled":true,"groupName":"everyone","id":7}},"id":10,"name":"admin","role":"ADMIN"},"errorCause":null,"token":"mytoken","refresh_token":"mytoken","expires":1588831613,"authHeader":"","loginError":null}');
    MapStore2.create('container', {
        originalUrl: "http://localhost:6451/mapstore/#/viewer/openlayers/12"
    });
}

Afterwards I started an incognito session in Chrome. When loading the page, MapStore doesn't show due to restrictions (screenshot 1):

screenshot1.JPG

But the localStorage itself is set correctly (see screenshot 2):

screenshot2.JPG


When I then switch to the normal starting page of MapStore, I am already logged in (screenshot 3):

screenshot3.JPG



When I use the iFrame integration the login also does not work.


Did I do something wrong or does your suggestion not work for the embedded versions?


Thanks in advance for your feedback.


All the best,

Michael




Michael Steigemann

May 15, 2020, 4:46:46 AM
to mapstore-developers
Hello Mauro!
It would be cool if you could answer my question concerning localStorage and the embedded versions from May 6th.

Thank you very much and have a nice day,
Michael




Mauro Bartolomeoli

May 26, 2020, 3:40:18 AM
to mapstore-...@googlegroups.com

Hi Michael,
I had to struggle a bit to make this work, but I finally did.

A couple of things that could be useful for anyone to know.
The API and embedded stuff are currently not ready to work in a secured environment. This is in line with their main purpose: to be used for public maps.

That said, with some configuration and a custom build it can be done.
First, something about the customization part: the API does not include the security machinery in its build, so we need to include that and re-build the ms2-api javascript bundle.

The simplest way to do that is:
 * add the Login plugin to web/client/product/apiPlugins.js

        LoginPlugin: require('../plugins/Login')

 * build the new frontend js bundles (npm run compile)
 * replace the existing bundles in the deployed app in the dist folder with the new ones in web/client/dist

This is a temporary solution, I will make a PR later to include the security machinery by default in  the JS API (I think it's useful anyway).

Now, about configuration. Some security stuff needs to be added to the MapStore.create options:

MapStore2.create('container', {
    configUrl: "http://localhost:8080/mapstore/rest/geostore/data/15",
    originalUrl: "http://localhost:8080/mapstore/#/viewer/openlayers/15",
    noLocalConfig: false,
    storeOpts: {
        persist: {
            whitelist: ["security"]
        }
    }
});

 * noLocalConfig: false (allows MapStore to load the standard localConfig.json, this includes security rules used to access the backend securely)
 * storeOpts: ... (allows loading the security info from the localStorage)

Another note: if you have a recent version of the code, you also need to disable user sessions in the localConfig.json file:

"userSessions": {
    "enabled": false
},

User sessions are not compatible with the JS Api due to a bug we are going to fix.

Hope this helps.
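The two answers above (the mapstore2.persist.security layout from May 5 and the create() options from this post) put together as one embedding script. This is an added example, not code from MapStore or from the thread: it assumes the ms2-api bundle was rebuilt with the Login plugin as described, that the embedding page gets a GeoStore-valid token from its own SSO backend (the `session`/`ssoSession` object and `init` are assumed names), and it passes the storage object in explicitly so the pure parts also run outside a browser.

```javascript
// Added example (not MapStore's own code): seed the MapStore security state
// for an embedded map, then call MapStore2.create() with the options that make
// the JS API load localConfig.json and rehydrate "security" from localStorage.

const SECURITY_KEY = 'mapstore2.persist.security';
// MapStore only knows these three roles (see the thread); anything else, such
// as a GeoServer-side VIEWER, is rejected rather than silently persisted.
const KNOWN_ROLES = ['ADMIN', 'USER', 'GUEST'];

// Build the object MapStore expects under mapstore2.persist.security.
// `expires` is passed through unchanged; the thread uses a UNIX-style value.
function buildSecurityState({ id, name, role, email, token, refreshToken, expires }) {
  if (!KNOWN_ROLES.includes(role)) {
    throw new Error(`unsupported MapStore role: ${role}`);
  }
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('a non-empty token is required');
  }
  return {
    user: {
      attribute: email ? [{ name: 'email', value: email }] : [],
      enabled: true,
      groups: { group: [] },
      id,
      name,
      role
    },
    errorCause: null,
    token,
    refresh_token: refreshToken || token,
    expires,
    authHeader: '', // left empty: Basic auth to GeoStore is not needed with SSO
    loginError: null
  };
}

// Persist the state before MapStore2.create() runs and return what was stored,
// so the caller can verify the round trip through the storage API.
function seedSecurity(storage, state) {
  storage.setItem(SECURITY_KEY, JSON.stringify(state));
  return JSON.parse(storage.getItem(SECURITY_KEY));
}

// Remove the token again when the embedding page ends the session, so it does
// not outlive the SSO login inside the browser profile.
function clearSecurity(storage) {
  storage.removeItem(SECURITY_KEY);
  return storage.getItem(SECURITY_KEY) === null;
}

// Options from the May 26 answer: noLocalConfig=false loads localConfig.json
// (which carries the security rules), and the persist whitelist lets the store
// rehydrate the "security" slice from localStorage.
function createOptions(baseUrl, mapId) {
  return {
    configUrl: `${baseUrl}/rest/geostore/data/${mapId}`,
    originalUrl: `${baseUrl}/#/viewer/openlayers/${mapId}`,
    noLocalConfig: false,
    storeOpts: { persist: { whitelist: ['security'] } }
  };
}

// Browser entry point; `session` is the (assumed) object returned by the
// embedding page's own SSO backend: { id, name, role, email, token, expires }.
function init(baseUrl, mapId, session) {
  seedSecurity(window.localStorage, buildSecurityState(session));
  window.MapStore2.create('container', createOptions(baseUrl, mapId));
}

if (typeof window !== 'undefined' && window.MapStore2) {
  init('http://localhost:8080/mapstore', 15, window.ssoSession); // ssoSession: assumed
}
```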

Michael Steigemann

Jun 10, 2020, 3:40:17 PM
to mapstore-developers
Hello Mauro!

Thanks for your answer! Today I had the time to try out your suggestion and it works :-)
Did you already make the PR to include the security machinery by default in the JS API? Will it be included in the next release of mapstore2?

Best regards,
Michael

Mauro Bartolomeoli

Jun 15, 2020, 3:31:50 AM
to mapstore-...@googlegroups.com
Good morning Michael,
I merged the PR last Friday and backported to stable, so yes, it should be in the next release.

Mauro


--
You received this message because you are subscribed to the Google Groups "mapstore-developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mapstore-develo...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/mapstore-developers/16d58950-c217-4215-8dae-48d464fc7c01o%40googlegroups.com.

Stefan Overkamp

Aug 25, 2020, 4:52:40 AM
to mapstore-...@googlegroups.com
Dear List,

is it possible and/or planned to allow secured Geoserver layers to be
integrated into a map?

I do not want to degrade the functionalities of user/role management
of GeoServer, as the AuthKey module seems to do.

It should be possible to send service requests over the backend (proxy)
with configured credentials for the catalog service.

Thanks for any hints

Stefan

--
Dipl. Ing. Stefan Overkamp
Laakmannsbusch 44, 42555 Velbert
tel.: 0177 / 79 76 159
over...@posteo.de

Simone Giannecchini

Aug 25, 2020, 11:28:33 AM
to mapstore-...@googlegroups.com
Hi Stefan,
I don't think what you are asking is possible without code customizations.

That said, what degradation do you see with AuthKey? 
Just trying to understand...

Regards,
Simone Giannecchini

==
GeoServer Professional Services from the experts!
Visit http://bit.ly/gs-services for more information.
==
Ing. Simone Giannecchini
@simogeo
Founder/Director


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy


http://www.geo-solutions.it
http://twitter.com/geosolutions_it




Stefan Overkamp

Aug 26, 2020, 6:06:21 AM
to mapstore-...@googlegroups.com, Simone Giannecchini
Hi,

https://mapstore.readthedocs.io/en/latest/developer-guide/integrations/users/geoserver/
explains how to share users, groups and roles between MapStore and GeoServer.

There you can read: "Limits of this solution
This solution partially degrades the functionalities of the user management UI of GeoServer (for users, groups and roles that belong to MapStore).
If you want to use this solution, you should use MapStore's user manager and avoid GeoServer's one."

We have a GeoServer running with UserGroupService and RoleService coming from LDAP.
I would like to avoid a second
UserGroupService and RoleService coming from MapStore (GeoStore).

That's the background of my question.

I will test a second Geoserver instance with the authkey solution
and try to specify our needs in detail.

Many Thanks

Stefan

Michael Steigemann

Aug 26, 2020, 6:26:02 AM
to mapstore-...@googlegroups.com, Simone Giannecchini
Hi Stefan!

Should the secured GeoServer layers be available in MapStore with or without login?


If you like I can explain what I have set up successfully in German (by phone?!).

All the best, Michael 


Mauro Bartolomeoli

Aug 27, 2020, 2:16:34 AM
to mapstore-...@googlegroups.com
Hi Stefan,


On Wed 26 Aug 2020 at 12:06 Stefan Overkamp <over...@posteo.de> wrote:
Hi,

https://mapstore.readthedocs.io/en/latest/developer-guide/integrations/users/geoserver/
explains how to share users, groups and roles between MapStore and GeoServer.

There you can read: "Limits of this solution
This solution partially degrades the functionalities of the user management UI of GeoServer (for users, groups and roles that belong to MapStore).
If you want to use this solution, you should use MapStore's user manager and avoid GeoServer's one."

We have a GeoServer running with UserGroupService and RoleService coming from LDAP.
I would like to avoid a second
UserGroupService and RoleService coming from MapStore (GeoStore).

If you already have an LDAP based users database, it is possible to use that with MapStore, instead of (or in addition to) its own database. In that case the shared MapStore - GeoServer user base will be the LDAP one.
Authkey is needed anyway to share authentication, only the users database will be LDAP instead of H2/PostgreSQL for both.
We have some custom projects where LDAP is configured, this one for example: https://github.com/geosolutions-it/MapStore2-C040
 
There is some documentation on LDAP integration here: https://mapstore.readthedocs.io/en/latest/developer-guide/integrations/users/ldap/

Hope this helps.

-- 

Regards,

Mauro Bartolomeoli


Stefan Overkamp

Aug 31, 2020, 9:50:28 AM
to mapstore-...@googlegroups.com, Mauro Bartolomeoli
Hi Mauro,

Thanks for your reply.
Up to now I have only solved testing user credentials against LDAP.

getGroupsOrRoles failed with an NPE on addAuthority:

DEBUG 2020-08-25 08:37:05.595 GeoStoreLdapAuthoritiesPopulator.getGroupsOrRoles() - Searching for roles for user 'overkamp', DN = 'cn=overkamp,ou=user,dc=metropole,dc=ruhr', with filter (objectClass=groupOfNames)(member=cn={0},ou=user,dc=metropole,dc=ruhr) in search base 'ou=ogc_dienste'
DEBUG 2020-08-25 08:37:05.737 GeoStoreLdapAuthoritiesPopulator.addAuthorities() - Authorities from search: [it.geosolutions.geostore.services.rest.security.GeoStoreLdapAuthoritiesPopulator$Authority@20011c9e, it.geosolutions.geostore.services.rest.security.GeoStoreLdapAuthoritiesPopulator$Authority@a7ee5e5, it.geosolutions.geostore.services.rest.security.GeoStoreLdapAuthoritiesPopulator$Authority@50c4200b]
ERROR 2020-08-25 08:37:05.738 UserLdapAuthenticationProvider.authenticate() -
java.lang.NullPointerException
at it.geosolutions.geostore.services.rest.security.GeoStoreLdapAuthoritiesPopulator.addAuthority(GeoStoreLdapAuthoritiesPopulator.java:252)

It seems the found Authorities can't be added, because they cause problems.

Stefan

Mauro Bartolomeoli

Aug 31, 2020, 10:37:31 AM
to mapstore-...@googlegroups.com
Hi Stefan,


java.lang.NullPointerException
at it.geosolutions.geostore.services.rest.security.GeoStoreLdapAuthoritiesPopulator.addAuthority(GeoStoreLdapAuthoritiesPopulator.java:252)
It seems the found Authorities can't be added, because they cause problems.

It looks like the attribute extracted from LDAP with the group / role name is null. The default attribute used is "cn", but it can be configured to use a different one, if that one is not populated, using the groupRoleAttribute of the populator bean.

Mauro

Stefan Overkamp

Aug 31, 2020, 11:09:41 AM
to mapstore-...@googlegroups.com, Mauro Bartolomeoli
Hi,

the Groups have an attribute "cn" (e.g. cn=radroutenspeicher,ou=ogc_dienste,dc=metropole,dc=ruhr)
and multiple member attributes with the group members (users).

I have this in my geostore-spring-security.xml

        <constructor-arg>
            <bean
                class="it.geosolutions.geostore.services.rest.security.GeoStoreLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <!-- groupSearchBase -->
                <constructor-arg value="ou=ogc_dienste" />
                <!-- roleSearchBase -->
                <constructor-arg value="ou=ogc_dienste" />
                <property name="groupSearchFilter" value="(member=cn={0},ou=user,dc=metropole,dc=ruhr)" />
                <property name="roleSearchFilter" value="(member=cn={0},ou=user,dc=metropole,dc=ruhr)" />
               
                <!--
                cn=geostore,ou=groups,dc=metropole,dc=ruhr
                the GeoStore convention is:
                  * Groups starting with 'ROLE_' will be treated as Auth Roles
                  * Groups starting withOUT 'ROLE_' will be treated as Groups
                 -->
                <property name="rolePrefix" value="ROLE_" />
                <property name="searchSubtree" value="true" />
                <property name="convertToUpperCase" value="true" />
                <property name="authoritiesMapper">
                    <bean class="it.geosolutions.geostore.core.security.SimpleGrantedAuthoritiesMapper">
                        <constructor-arg>
                            <map>
                                <entry key="ROLE_ADMIN" value="ROLE_ADMIN"/>
                            </map>
                        </constructor-arg>
                    </bean>
                </property>
            </bean>
        </constructor-arg>

Many thanks for your help.

Stefan

Stefan Overkamp

Aug 31, 2020, 11:26:58 AM
to mapstore-...@googlegroups.com, Mauro Bartolomeoli
Hi,

I have partially solved my problem. The search filters have to be

                <property name="groupSearchFilter" value="(member={0})" />
                <property name="roleSearchFilter" value="(member={0})" />

instead of:
>                 <property name="groupSearchFilter" value="(member=cn={0},ou=user,dc=metropole,dc=ruhr)" />
>                 <property name="roleSearchFilter" value="(member=cn={0},ou=user,dc=metropole,dc=ruhr)" />

With that my GeoStore gs_usergroup gets filled with the LDAP groups.
Next I will try the AuthKey module in GeoServer.

Stefan

Mauro Bartolomeoli

Sep 29, 2020, 5:43:18 AM
to mapstore-...@googlegroups.com
Great! 

Stefan Overkamp

May 17, 2021, 4:10:39 AM
to mapstore-...@googlegroups.com
Dear List,

my MapStore map has problems showing background layers in the Leaflet
viewer.
Using OpenLayers all is fine:

https://mapstore.geodaten-velbert.de/#/viewer/openlayers/130

In Leaflet or on mobile devices no images from the background layers are shown:

https://mapstore.geodaten-velbert.de/#/viewer/leaflet/130

Switching the background layer in Leaflet shows successful GetMap
requests (Chrome developer tools) but no image is displayed in the map.
Is there any special configuration needed for Leaflet?

Thanks for any hints

Stefan


Lorenzo Natali

May 18, 2021, 4:28:44 AM
to mapstore-developers
Hi,
Leaflet maps work only in EPSG:3857 (EPSG:900913).
While WMS layers are requested in 3857 by MapStore, the WMTS service you added seems to support only EPSG:25832 (as far as I can see from the map configuration, the projection has not been found in the WMTS GetCapabilities).
Anyway, looking at the WMTS service you sent, the gridset seems to be supported. Maybe the web mercator gridset was created later?
I suggest trying to recreate the map with the new configuration.

Lorenzo Natali

May 18, 2021, 9:35:55 AM
to mapstore-developers
Sorry, I didn't notice this question has been asked on a closed thread.
Can you please open a different thread for different questions, if you need more help? It helps us to reply, and other users with the same question to find their answers.

Thank you very much.

Stefan Overkamp

May 19, 2021, 9:37:08 AM
to mapstore-...@googlegroups.com
Dear list,

I made a new map with WMTS background layers supporting both 25832 and 3857.
In https://mapstore.geodaten-velbert.de/#/viewer/openlayers/396
you can switch between EPSG:25832 (default) and EPSG:3857.

Doing the switch, the scale of the map changes massively (e.g. EPSG:25832 1:9028 -> EPSG:3857 1:288896)
Is there a configuration to fix the scale during crs change?

Leaflet:
Opening https://mapstore.geodaten-velbert.de/#/viewer/leaflet/396, not all WMTS background layers can be shown in the Leaflet client.
The tilecol and tilerow of the requests do not seem to fit the tilematrix.
I succeeded in showing the default background layer (Stadtplan (light)) in the Leaflet client. But switching to others leads to the layer not being shown.
Any hints?

3D:
With EPSG:3857 configured I can switch to the 3D view (Cesium).
Having only EPSG:25832 led to an error message when switching to 3D.
The background selector in the 3D view shows an icon, meaning that switching the background is not possible.


Many Thanks

Stefan