[Open.ogc] services.ogc.noaa.gov password protected under SSL (https)

Tim Haverland - NOAA Federal tim.haverland at noaa.gov
Fri Jan 2 22:11:59 UTC 2015 

What you suggest would be very helpful and allow my calls to geoserver to
be protocol relative.

I have redirected all https calls to my map to http at the moment.

Tim

On Fri, Jan 2, 2015 at 5:07 PM, Micah Wengren <micah.wengren at noaa.gov>
wrote:

>  Tim/WOC,
>
> I think the reason for the extra authentication step for HTTPS was to
> prevent public from being able to access /geoserver/web (with login form
> components) for preventing brute force password attacks and such.
>
> I can't think of a reason to not allow HTTPS access to the /geoserver/wms
> and /geoserver/wfs paths though.
>
> This might be something to look into potentially relaxing, if the WOC is
> willing to make that change and web server config allows it to that level
> of granularity.
>
> Micah
>
>
> On 12/4/2014 12:09 PM, Tim Haverland - NOAA Federal wrote:
>
> Hi Micah,
>
>  Yes, I was trying to avoid the situation where someone loads our map
> page via https and our calls to services using http are blocked by the
> browser.
>
>  I can have our sysadmin redirect all https requests to my page to http,
> but was hoping to avoid that by simply making my service URLs protocol
> relative.
>
>  Is there a reason why services.ogc.noaa.gov requests a password for ssl?
> Are there services that I can't get to via HTTP but can with HTTPS?
>
>  Tim
>
> On Thu, Dec 4, 2014 at 9:48 AM, Micah Wengren - NOAA Federal <
> micah.wengren at noaa.gov> wrote:
>
>>   Tim,
>>
>>  Your goal is to have your web map SSL-enabled (to allow restricted views
>> with a user login for example), or are you just trying to accommodate users
>> who come in to the Fisheries website over HTTPS?
>>
>>  If it's the latter, I think you should be able to hard-code the web map
>> requests to go over HTTP regardless of which protocol users come to the
>> site through.  This way they shouldn't get the login prompt from a non-NOAA
>> network to access services.ogc.noaa.gov.  The drawback to that is that
>> the browser will give a warning message because some content is coming over
>> HTTP.  That's the case for the NOAA Data Catalog, because the tile provider
>> only supports HTTP not HTTPS: https://data.noaa.gov/dataset (the browser
>> will show a warning message rather than a secure connection message).
>>
>>  It might be more complicated in your case though because you're making
>> GetFeatureInfo requests to the service that return XML instead of map
>> tiles.  I don't know how that would differ.
>>
>>
>>  Can you look into that before we investigate making any changes to the
>> HTTPS access policies?
>>
>>
>>  Micah
>>
>>
>>  On Wed, Dec 3, 2014 at 5:46 PM, Tim Haverland - NOAA Federal <
>> tim.haverland at noaa.gov> wrote:
>>
>>>  Hi all,
>>>
>>>  Recently I've been trying to enable an application that uses noaa ogc
>>> services to run under https. When I do so, the application runs when I'm at
>>> work, but from home (and no VPN) it asks that I enter my noaa email
>>> username/pwd.
>>>
>>>  This is fine for me but won't work for public users of my application.
>>>
>>>  Is there a reason that ssl access to services.ogc.noaa.gov requires
>>> login for users that aren't on a noaa network (I assume).
>>>
>>>  Here's the app if anyone want to see this behavior in action:
>>>
>>>  Works anywhere:
>>> http://www.st.nmfs.noaa.gov/humandimensions/social-indicators/map-copy
>>>
>>>  Requires password for I assume non-noaa network users:
>>> https://www.st.nmfs.noaa.gov/humandimensions/social-indicators/map-copy
>>>
>>>  I suppose I could redirect users coming in on https to http, but that
>>> causes other headaches on my end.
>>>
>>>  Any thoughts?
>>>
>>>  Tim
>>>
>>>  --
>>>  *Tim Haverland*
>>> Acting Operations Branch Chief
>>> NOAA Fisheries Office of Science and Technology
>>> 1315 East-West Highway
>>> SSMC3 Rm 12303
>>> Silver Spring, MD 20910
>>> 301-427-8137
>>>
>>>  _______________________________________________
>>> Open.ogc mailing list
>>> Open.ogc at list.woc.noaa.gov
>>> https://list.woc.noaa.gov/cgi-bin/mailman/listinfo/open.ogc
>>>
>>>
>>
>
>
>  --
>  *Tim Haverland*
> Acting Operations Branch Chief
> NOAA Fisheries Office of Science and Technology
> 1315 East-West Highway
> SSMC3 Rm 12303
> Silver Spring, MD 20910
> 301-427-8137
>
>
>


-- 
*Tim Haverland*
Acting Operations Branch Chief
NOAA Fisheries Office of Science and Technology
1315 East-West Highway
SSMC3 Rm 12303
Silver Spring, MD 20910
301-427-8137
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.woc.noaa.gov/pipermail/open.ogc/attachments/20150102/c1a9d0e8/attachment-0001.html>

More information about the Open.ogc mailing list