Hi,
this looks like a bug.
Could you please open a JIRA ticket?
Regards,
Mauro
2017-05-09 13:08 GMT+02:00 GIS Hallstahammar <[email protected]>:
> Hi,
>
> First some information about our setup:
>
> GeoServer: 2.11.0
> Java: 1.8.0_92 (64 bits)
> OS: Windows Server 2012 R2
> Web server: Apache httpd 2.4.25
> Application server: Tomcat 8.5
>
> We are trying to get LDAP working with authentication through the use of
> headers. LDAP works fine when we login using the web interface, we are
> assigned the correct roles and can access layers that are secured.
> Following this guide: http://docs.geoserver.o
> rg/latest/en/user/security/tutorials/credentialsfromheaders/index.html we
> are able to get it to work with headers using local users (we can use curl
> and send authentication headers and it returns the response of
> GetCapabilities). This is the curl command used:
>
> curl -v -H "X-Credentials: private-user=admin&private-pw=geoserver" "
> http://localhost:8080/geoserver/wms?service=WMS&version=1.
> 1.1&request=GetCapabilities"
>
>
> However, if we try using an active directory user, we encounter the
> following message (from Tomcats' log):
>
> 08-May-2017 16:37:32.854 SEVERE [http-nio-8080-exec-1]
> org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service()
> for servlet [dispatcher] in context with path [/geoserver] threw exception
> at org.geoserver.security.filter.GeoServerCredentialsFromReques
> tHeaderFilter.doAuthenticate(GeoServerCredentialsFromRequest
> HeaderFilter.java:165)
> java.lang.ClassCastException: org.springframework.security.c
> ore.authority.SimpleGrantedAuthority cannot be cast to
> org.geoserver.security.impl.GeoServerRole
>
> Full Tomcat log is available here: https://pastebin.com/hUXPSFLL
>
>
> However. in the GeoServer log it says the user was successfully logged in
> just moments before:
>
> 2017-05-08 16:37:32,839 TRACE [geoserver.security] - logged in as USER
>
>
> Any ideas on what might be causing this?
>
> Any help or input is appreciated.
>
>
> Thanks,
>
> Markus.
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
