Hi Jody, I’m just writing to confirm that I’ve started working on this task.
Did I understand correctly that, for now, the focus is on gs-sec-oidc providing “Login” with OpenID Connect rather than enabling GeoServer to act as a resource server in the OAuth2 sense? Best regards, Andreas Von: Jody Garnett <jody.garn...@gmail.com> Gesendet: Dienstag, 20. August 2024 18:21 An: Watermeyer, Andreas <andreas.waterme...@its-digital.de> Cc: geoserver-devel@lists.sourceforge.net Betreff: Re: [Geoserver-devel] Spring Security Upgrade [Externe E-Mail] Vorsicht beim Öffnen von Links und Anhängen. / Be careful when opening links and attachments. Welcome back Andreas, GeoCat is very much focused on OIDC and brining up such an extension to supported status. What does that mean for the existing OIDC extension in the community section? Here is my mad plan: 1. leave the existing gs-sec-oauth2-openid-connect community module in place - it can continue to operate for the 2.26 release cycle ... and be removed for 2.27.x when the spring-framework-6 update happens 2. make a copy as a new gs-sec-oidc module and adapt the spring-security-framework OAuth2 client ... to be developed during the 2.27 release cycle in September 3. folks can migrate to the new implementation while we use spring-security 5.8 and both are operational 4. when the spring-security 6.3 update happens gs-sec-oauth2-openid-connect is removed, and gs-sec-oidc remains available 5. once it meets the graduation requirements GeoCat would like to propose the new module as an extension. It may be a bit challenging (setting up some kind of online testing with GitHub workflow to achieve test coverage for example) BTW: I will also be on holiday now until 2024-08-13. I am speaking with my boss tomorrow, everyone has been away on vacation! I made a post<https://geoserver.org/behind%20the%20scenes/2024/07/22/developer-update.html> and GeoServer project steering committee has picked up one new silver sponsor ($3000/annual). I am still hoping for more interested parties (specificly for the github / google / geonode modules). - - Jody Garnett On Aug 13, 2024 at 8:41:34 AM, "Watermeyer, Andreas" <andreas.waterme...@its-digital.de<mailto:andreas.waterme...@its-digital.de>> wrote: Hi Jody, I am back now. Please let me know when we can discuss how to continue with this. I will pause the task in the meantime. Best regards, Andreas Von: Jody Garnett <jody.garn...@gmail.com<mailto:jody.garn...@gmail.com>> Gesendet: Donnerstag, 25. Juli 2024 18:12 An: Watermeyer, Andreas <andreas.waterme...@its-digital.de<mailto:andreas.waterme...@its-digital.de>> Cc: geoserver-devel@lists.sourceforge.net<mailto:geoserver-devel@lists.sourceforge.net> Betreff: Re: [Geoserver-devel] Spring Security Upgrade [Externe E-Mail] Vorsicht beim Öffnen von Links und Anhängen. / Be careful when opening links and attachments. Enjoy you vacation, I will be away for some weeks also. Lets catch up when we return (and hopefully some other parties will of stepped forward as interested by then). -- Jody Garnett On Jul 25, 2024 at 3:42:13 AM, "Watermeyer, Andreas" <andreas.waterme...@its-digital.de<mailto:andreas.waterme...@its-digital.de>> wrote: Hi Jody, > GeoCat is very much focused on OIDC and brining up such an extension to > supported status. What does that mean for the existing OIDC extension in the community section? BTW: I will also be on holiday now until 2024-08-13. Best regards, Andreas Watermeyer Von: Jody Garnett <jody.garn...@gmail.com<mailto:jody.garn...@gmail.com>> Gesendet: Montag, 22. Juli 2024 18:52 An: Watermeyer, Andreas <andreas.waterme...@its-digital.de<mailto:andreas.waterme...@its-digital.de>> Cc: geoserver-devel@lists.sourceforge.net<mailto:geoserver-devel@lists.sourceforge.net> Betreff: Re: [Geoserver-devel] Spring Security Upgrade [Externe E-Mail] Vorsicht beim Öffnen von Links und Anhängen. / Be careful when opening links and attachments. Hi Andreas, Thanks for replying I will update and publish the blog post. GEOS-11271 That is great news that it is going smoothly. GEOS-11272 GeoCat is very much focused on OIDC and brining up such an extension to supported status. The blog post is in part to see if anyone has capacity (or budget) to take on the generic OAauth2 functionality. Our developer who did the upgrade is on vacation presently, and may or may not be available to work on this when they return. Automated tests would be amazing - and test coverage is one of the tasks to hit to make this into a supported extension. If you are in position to start on this activity please go ahead, or we can talk about approach now. -- Jody Garnett On Mon, Jul 22, 2024 at 1:44 AM Watermeyer, Andreas <andreas.waterme...@its-digital.de<mailto:andreas.waterme...@its-digital.de>> wrote: Hi Jody, regarding GEOS-11271- Upgrade spring-security to 5.8: I started to work on this now. The upgrade itself seems to be limited to adjusting the pom only. I am now about to do some integration testing, also to become familiar with the GS functionality in that area. Regarding GEOS-11272 spring-security-oauth replacement, with spring-security 5.8: Considering GeoCat has done the same upgrade for the GeoNetwork codebase, GeoCat is probably in a much better position to work on this. Therefor I suggest that GeoCat takes over this task. We could either provide further support on this task, for example in testing (manual or automated). I suppose automated integration tests are not yet existing. I suppose it would be possible to setup some integration tests with a dockerized OIDC server, for example Spring Authorization Server. Also, something else would be Ok to work on, for example “Refactor inline JavaScript in the OGC API modules” seems possible. What do you think? Best regards, Andreas Von: Jody Garnett <jody.garn...@gmail.com<mailto:jody.garn...@gmail.com>> Gesendet: Freitag, 19. Juli 2024 08:01 An: Watermeyer, Andreas <andreas.waterme...@its-digital.de<mailto:andreas.waterme...@its-digital.de>> Cc: geoserver-devel@lists.sourceforge.net<mailto:geoserver-devel@lists.sourceforge.net> Betreff: Re: [Geoserver-devel] Spring Security Upgrade [Externe E-Mail] Vorsicht beim Öffnen von Links und Anhängen. / Be careful when opening links and attachments. Here is the blog post for review: https://github.com/geoserver/geoserver.github.io/pull/205 I had a couple thoughts on how to approach the GEOS-11272 and have capacity to assist in this work. -- Jody Garnett On Thu, Jul 18, 2024 at 9:23 AM Jody Garnett <jody.garn...@gmail.com<mailto:jody.garn...@gmail.com>> wrote: That would be great, and fit very well with our roadmap planning. I am writing a blog post update about GEOS-11272 and other activities that are ready to be worked on. Can I list you and your employer as a party working in this blog post? -- Jody Garnett On Jul 18, 2024 at 3:37:57 AM, "Watermeyer, Andreas" <andreas.waterme...@its-digital.de<mailto:andreas.waterme...@its-digital.de>> wrote: Hi community, I am now starting to work on: GEOS-11271 : Upgrade spring-security to 5.8 GEOS-11272 : spring-security-oauth replacement, with spring-security 5.8 As far as I know no activities have taken place in this area so far. Otherwise please let me know. Regards, Andreas _______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net<mailto:Geoserver-devel@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
