Hi, This is a request to create a new community module.
This is a fairly simple security module for header-based OAUTH2/OIDC type authentication - for example Apache mod_auth_openid and robot-base-access with JWT Access Tokens.

New functionality:

1. Extract user name from a JSON header (including json path)
2. Extract user name from an attached JWT token
3. Extract Roles from JSON Header (including json path)
4. Extract Roles from JWT Header (including json path)
5. Role Translation from the external (IDP) names to internal GeoServer role names
6. Access Token Validation;
   + signature validation
   + expiry validation
   + IDP external endpoint validation (including subject validation)
   + audience validation

Test coverage is about 90%. I will create a PR when approved.

Code - https://github.com/davidblasby/geoserver/tree/_jwtheaders/src/community/jwt-headers
Doc - https://github.com/davidblasby/geoserver/tree/_jwtheaders/doc/en/user/source/community/jwt-headers

NOTE: I just put together the docs today - will be making them a bit "nicer" next week.

Some of the functionality is available in the very simple Headers security extension and the oauth2-* community modules. This module is much simpler, much more complete, and MUCH easier to maintain/test/configure. In fact, if you want to use OIDC and are willing to put your geoserver behind apache (with mod_auth_openid), this module makes it MUCH MUCH easier to setup and maintain wrt the oauth2-* community modules. If you want to have GeoServer communicate DIRECTLY with your OIDC IDP, continue using the oauth2-* community modules.

NOTE: I am planning to add similar functionality to GeoNetwork.

Thanks,
Dave
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
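The checks listed in the message above (JSON-path extraction of user name and roles, role translation, and signature, expiry and audience validation), sketched as an added example; this is not the module's code, which is Java. Assumptions: HS256 with a shared secret so the block needs only the Python standard library, and every claim name, path, role name and secret below is constructed.

```python
import base64, hashlib, hmac, json, time

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(head, body, secret):
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def json_path(doc, path):
    """Walk a dotted path such as 'resource_access.live-key.roles'; None if absent."""
    for key in path.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def verify_hs256(token, secret):
    """Return the claims if the HS256 signature matches; raise ValueError otherwise."""
    head, body, sig = token.split(".")  # ValueError unless exactly three parts
    if json_path(json.loads(b64d(head)), "alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pinned: rejects 'none'
    if not hmac.compare_digest(sign(head, body, secret), b64d(sig)):
        raise ValueError("bad signature")
    return json.loads(b64d(body))

def authenticate(token, secret, audience, user_path, roles_path, role_map, now=None):
    """Check signature, expiry and audience, then translate IDP roles to internal ones."""
    claims = verify_hs256(token, secret)
    exp, aud = json_path(claims, "exp"), json_path(claims, "aud")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired or exp missing")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    user, external = json_path(claims, user_path), json_path(claims, roles_path)
    if not isinstance(user, str) or not user:
        raise ValueError("no user name at configured path")
    external = external if isinstance(external, list) else []
    return user, sorted({role_map[r] for r in external if isinstance(r, str) and r in role_map})

def make_token(claims, secret):  # builds the constructed sample below
    head, body = (b64e(json.dumps(p).encode()) for p in ({"alg": "HS256"}, claims))
    return f"{head}.{body}.{b64e(sign(head, body, secret))}"

SECRET = b"constructed-demo-secret"  # constructed values, not from the module
ROLE_MAP = {"GeoserverAdministrator": "ROLE_ADMINISTRATOR"}
SAMPLE = make_token({"preferred_username": "alice", "aud": "geoserver", "exp": 2000000000,
                     "resource_access": {"live-key": {"roles": ["GeoserverAdministrator", "other"]}}}, SECRET)
```

Roles with no entry in the translation map are dropped rather than passed through, so an IDP-side role never becomes a GeoServer role by accident.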