Skip to content

Support for User-Provided Credentials to Access Secured WMS/WFS Layers #7157

New issue
New issue
Open
Open
Support for User-Provided Credentials to Access Secured WMS/WFS Layers#7157
@not-Karot

Description

@not-Karot
not-Karot
opened on May 16, 2024

Feature Request: User-Provided Credentials for WMS/WFS Private Layers

Description:
Currently, TerriaJS does not support a way to dynamically set up WMS/WFS private layers where users can provide their own credentials. The only available method is to hard-code the credentials in the configuration, which exposes them to the user or sets them as static credentials, posing security risks and inflexibility.

Feature Request:
It would be highly beneficial to implement a feature that allows users to input their own credentials for accessing private WMS/WFS layers. If the provided credentials are authorized by the WMS/WFS service, the user should be able to view the data on the TerriaJS map.

Use Case:

  1. Users need to access private geospatial data layers secured by credentials.
  2. Allowing users to input their own credentials ensures security and flexibility.
  3. Users authenticated by the WMS/WFS service can visualize the protected data seamlessly in TerriaJS.

Proposed Solution:

  • Implement a user interface component in TerriaJS that prompts users for their credentials when attempting to access a secured WMS/WFS layer.
  • Use these credentials to authenticate against the WMS/WFS service.
  • If authenticated successfully, allow the user to view and interact with the secured layer on the map.
  • Optionally, store these credentials securely for the session to avoid repeated prompts.

Benefits:

  • Enhanced security by avoiding hard-coded credentials in the configuration.
  • Improved user experience by providing flexibility to access protected layers.
  • Maintains the integrity of private data access in compliance with security protocols.

Example Configuration:
Here is a hypothetical example to illustrate how this could be configured:

{
  "catalog": [
    {
      "name": "Protected GeoServer Layer",
      "type": "wms",
      "url": "https://www.someurl.com/geoserver/wms",
      "layers": "workspace:layername",
      "requiresAuth": true
    }
  ]
}

When a user tries to access Protected GeoServer Layer, TerriaJS should prompt for credentials and authenticate them against the WMS service.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions