-
Notifications
You must be signed in to change notification settings - Fork 94
Proposal #1: automatic user registration on incoming requests
The use case of this proposal is the integration of GeoStore in an external security infrastructure, where users are managed externally and cannot be controlled directly. In these use case often is a requirement that new users are automatically recognized by the system with basic permissions (something more of an anymous user, we can call it a registered and named user). It is also desiderable that users could be recognized by other means than the default HTTP basic authentication.
We propose to:
- add new configuration options to enable users auto-create (with or without password), with given attributes/permissions
- allow user recognition by external, configurable headers (other than the HTTP basic authentication Authorization header) or environment variables, set by the external security infrastructure.
An example of application is the integration of GeoStore into a Shibboleth controlled security infrastructure. Shibboleth adds headers or environment variables to each GeoStore request, that should be used to recognize users and allow them access to the system.
Both features have been implemented in a specific branch for the Destination project. If there is interest in the proposal we can generalize it a bit and merge it on the master branch.