Please ignore this duplicate.
From: Boden, Allan (SSS Public Safety) via Geoserver-users <geoserver-users@lists.sourceforge.net> Sent: 23 November 2022 12:57 To: geoserver-users@lists.sourceforge.net Subject: [Geoserver-users] GeoServer Using OAuth 2 And The OpenID Connect Plugin **EXTERNAL** Dear mailing list members, * GeoSrver 2.21.2 * Java 8 Update 171 * Windows Server 2019 * AD FS Running On Windows Server 2016 I am trying to implement OAuth2 using the OpenID Connect plugin communicating with our on-premises AD FS . I have followed this guide https://docs.geoserver.org/2.21.x/en/user/community/oauth2/index.html and used the 'geoserver-2.21-SNAPSHOT-sec-oauth2-openid-connect-plugin' but GeoServer will not login. This is the flow: 1. Browse to the GeoServer URL: https://xxxxxxx/geoserver 1. Click on the OpenID Connect Button <GeoServerInital.jpg> 1. This correctly presents the AD FS authentication window where I enter the correct credentials N.B. This is the URL shown in the browser: https://xxxxxxx/adfs/oauth2/authorize/?response_type=code&client_id=xxxxxxx&scope=user%20openid%20profile&redirect_uri=https://xxxxxxx/geoserver&response_mode=query <ADFS_Authentication.jpg> 1. After clicking 'Sign In' on the AD FS Authentication window it redirects me back to GeoServer but I am simply presented the login screen again: <RedirectBackToGeoServer.jpg> N.B. The URL in the browser at this point is: https://xxxxxxx/geoserver/web/?1 Although verbose logging is turned on there is nothing in the GeoServer logs. This is the config used in the 'Authentication using OpenId Connect' screen: <OAuthConfig.jpg> These are the full url's from the above screenshot as they are clipped in the picture: Access Token URI https://xxxxxx/adfs/oauth2/token/ User Authorization URI https://xxxxxx/adfs/oauth2/authorize/ Redirect URI https://xxxxxx/geoserver Check Token Endpoint URL https://xxxxxx/adfs/oauth2/token/ Logout URI https://xxxxxx/adfs/oauth2/logout JSON Web Key set URI https://xxxxxx/adfs/discovery/keys Any help would be very much appreciated. Thanks in advance. Allan This message has been scanned for malware by Forcepoint. www.forcepoint.com<http://www.forcepoint.com/> Click here<https://www.mailcontrol.com/sr/1CeirvsV_mvGX2PQPOmvUuT-IDOo3OtHuszlfCbGv6qcFzU-afxwVyZ9LRlvKAx7oOCtMbVPztcgL4AI7al_HQ==> to report this email as spam. This email originates from outside of Capita. Keep this in mind before responding, opening attachments or clicking any links. Unless you recognise the sender and know the content is safe. If in any doubt, the grammar and spelling are poor, or the name doesn't match the email address then please contact the sender via an alternate known method.
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
