Hi all,

I am investigating the OAuth2 <http://docs.geoserver.org/stable/en/user/community/oauth2/index.html> community modules with v2.16.2. I have configured the Google provider and filter and added the username (gmail address actually) and linked it to an admin role, and that worked pretty well**. I still need to figure out if I can control the roles from the OAuth2 provider via scopes.
** Actually, I am now unsure that it ever logged me in as an admin. Perhaps I had manually logged in in another tab. This was the successful OAuth response:

GET https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<snip>.apps.googleusercontent.com&scope=https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile&redirect_uri=https://localhost:8843/geoserver
-> location: https://localhost:8843/geoserver?code=<snip>&scope=email+profile+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile+openid&authuser=0&prompt=none&session_state=<snip>..814a

I then moved on to the GitHub module, configured it against a new app in my GitHub account and linked the username (GitHub username) to the admin role. This time, I got taken to the OAuth login page, I could see the username returned and the logs showed the admin roles obtained, but I remained logged out.

> [geoserver.security] - Got roles [ADMIN, ROLE_ADMINISTRATOR] from UserGroupService for principal ...

I have tried in different/incognito browsers, clearing cookies, etc.

Ultimately I would like to authenticate against AWS Cognito, so I configured both the oauth2-github and oauth2-openid-connect plugins to the correct AWS auth URLs. There does not appear to be an icon or link to utilise the openid one (is this because it has to be in the HTTP header?), but the GitHub-configured-to-AWS-Cognito one worked, the same as to GitHub, i.e. I could see my Cognito username being returned successfully, linked to the roles, but not logging in.

The settings below are for AWS Cognito, ref: docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html

[image: github oauth provider.png][image: oauth chain.png]

Has anyone managed to authenticate against AWS Cognito and can give me guidance? (Or help with my other question: how to control the roles from the OAuth2 provider via scopes.)

Thank you
Peter
_______________________________________________
Geoserver-users mailing list
https://lists.sourceforge.net/lists/listinfo/geoserver-users
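
The authorization-code exchange quoted in the message above can be reviewed offline; the following is an added example, not part of the original post and not GeoServer code. It compares the requested and granted scopes and checks for the `state` parameter of RFC 6749 section 10.12, which does not appear in the request as quoted (the post may have trimmed it). The function names are hypothetical, and every `<snip>` is replaced by a labelled placeholder.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the exchange quoted in the post; every
# <snip> there is replaced by an obvious placeholder value.
AUTH_REQUEST = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&client_id=CLIENT_ID_PLACEHOLDER.apps.googleusercontent.com"
    "&scope=https://www.googleapis.com/auth/userinfo.email%20"
    "https://www.googleapis.com/auth/userinfo.profile"
    "&redirect_uri=https://localhost:8843/geoserver"
)
REDIRECT = (
    "https://localhost:8843/geoserver?code=CODE_PLACEHOLDER"
    "&scope=email+profile+https://www.googleapis.com/auth/userinfo.email+"
    "https://www.googleapis.com/auth/userinfo.profile+openid"
    "&authuser=0&prompt=none&session_state=SESSION_STATE_PLACEHOLDER"
)


def _params(url):
    """Return the query string as a dict holding the first value per key."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def review_exchange(auth_request, redirect):
    """Compare an authorization request with the redirect that answered it."""
    req, resp = _params(auth_request), _params(redirect)
    requested = set(req.get("scope", "").split())
    granted = set(resp.get("scope", "").split())
    target = urlsplit(req.get("redirect_uri", ""))
    landed = urlsplit(redirect)
    return {
        "has_code": "code" in resp,
        "error": resp.get("error"),
        # The browser must land on exactly the redirect_uri that was requested.
        "redirect_matches": (target.scheme, target.netloc, target.path)
        == (landed.scheme, landed.netloc, landed.path),
        "missing_scopes": sorted(requested - granted),
        "extra_scopes": sorted(granted - requested),
        # RFC 6749 section 10.12: `state` binds the redirect to this session.
        "state_sent": "state" in req,
        "state_echoed": "state" in req and req["state"] == resp.get("state"),
    }


if __name__ == "__main__":
    for key, value in review_exchange(AUTH_REQUEST, REDIRECT).items():
        print(f"{key}: {value}")
```

On this sample the granted scopes are only identity scopes (`email`, `profile`, `openid` plus the two requested `userinfo` URLs), so nothing in the redirect itself carries role information.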
