[Open.ogc] services.ogc.noaa.gov password protected under SSL (https)
Tim Haverland - NOAA Federal
tim.haverland at noaa.gov
Thu Dec 4 17:09:12 UTC 2014
Hi Micah,
Yes, I was trying to avoid the situation where someone loads our map page
via https and our calls to services using http are blocked by the browser.
I can have our sysadmin redirect all https requests to my page to http, but
was hoping to avoid that by simply making my service URLs protocol relative.
Is there a reason why services.ogc.noaa.gov requests a password for ssl?
Are there services that I can't get to via HTTP but can with HTTPS?
Tim
On Thu, Dec 4, 2014 at 9:48 AM, Micah Wengren - NOAA Federal <
micah.wengren at noaa.gov> wrote:
> Tim,
>
> Your goal is to have your web map SSL-enabled (to allow restricted views
> with a user login for example), or are you just trying to accommodate users
> who come in to the Fisheries website over HTTPS?
>
> If it's the latter, I think you should be able to hard-code the web map
> requests to go over HTTP regardless of which protocol users come to the
> site through. This way they shouldn't get the login prompt from a non-NOAA
> network to access services.ogc.noaa.gov. The drawback to that is that
> the browser will give a warning message because some content is coming over
> HTTP. That's the case for the NOAA Data Catalog, because the tile provider
> only supports HTTP not HTTPS: https://data.noaa.gov/dataset (the browser
> will show a warning message rather than a secure connection message).
>
> It might be more complicated in your case though because you're making
> GetFeatureInfo requests to the service that return XML instead of map
> tiles. I don't know how that would differ.
>
>
> Can you look into that before we investigate making any changes to the
> HTTPS access policies?
>
>
> Micah
>
>
> On Wed, Dec 3, 2014 at 5:46 PM, Tim Haverland - NOAA Federal <
> tim.haverland at noaa.gov> wrote:
>
>> Hi all,
>>
>> Recently I've been trying to enable an application that uses noaa ogc
>> services to run under https. When I do so, the application runs when I'm at
>> work, but from home (and no VPN) it asks that I enter my noaa email
>> username/pwd.
>>
>> This is fine for me but won't work for public users of my application.
>>
>> Is there a reason that ssl access to services.ogc.noaa.gov requires
>> login for users that aren't on a noaa network (I assume).
>>
>> Here's the app if anyone want to see this behavior in action:
>>
>> Works anywhere:
>> http://www.st.nmfs.noaa.gov/humandimensions/social-indicators/map-copy
>>
>> Requires password for I assume non-noaa network users:
>> https://www.st.nmfs.noaa.gov/humandimensions/social-indicators/map-copy
>>
>> I suppose I could redirect users coming in on https to http, but that
>> causes other headaches on my end.
>>
>> Any thoughts?
>>
>> Tim
>>
>> --
>> *Tim Haverland*
>> Acting Operations Branch Chief
>> NOAA Fisheries Office of Science and Technology
>> 1315 East-West Highway
>> SSMC3 Rm 12303
>> Silver Spring, MD 20910
>> 301-427-8137
>>
>> _______________________________________________
>> Open.ogc mailing list
>> Open.ogc at list.woc.noaa.gov
>> https://list.woc.noaa.gov/cgi-bin/mailman/listinfo/open.ogc
>>
>>
>
--
*Tim Haverland*
Acting Operations Branch Chief
NOAA Fisheries Office of Science and Technology
1315 East-West Highway
SSMC3 Rm 12303
Silver Spring, MD 20910
301-427-8137
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.woc.noaa.gov/pipermail/open.ogc/attachments/20141204/1173f72e/attachment.html>
More information about the Open.ogc
mailing list