[Open.ogc] services.ogc.noaa.gov password protected under SSL (https)

Chi Kang - NOAA Federal chi.y.kang at noaa.gov
Wed Jan 7 17:25:29 UTC 2015 

Tim / Micah I don't think i have an issue getting more granular but I
want to understand all the URLs involved first.

Can someone outline them for me as an example?


On Fri, Jan 2, 2015 at 5:11 PM, Tim Haverland - NOAA Federal
<tim.haverland at noaa.gov> wrote:
> What you suggest would be very helpful and allow my calls to geoserver to be
> protocol relative.
>
> I have redirected all https calls to my map to http at the moment.
>
> Tim
>
> On Fri, Jan 2, 2015 at 5:07 PM, Micah Wengren <micah.wengren at noaa.gov>
> wrote:
>>
>> Tim/WOC,
>>
>> I think the reason for the extra authentication step for HTTPS was to
>> prevent public from being able to access /geoserver/web (with login form
>> components) for preventing brute force password attacks and such.
>>
>> I can't think of a reason to not allow HTTPS access to the /geoserver/wms
>> and /geoserver/wfs paths though.
>>
>> This might be something to look into potentially relaxing, if the WOC is
>> willing to make that change and web server config allows it to that level of
>> granularity.
>>
>> Micah
>>
>>
>> On 12/4/2014 12:09 PM, Tim Haverland - NOAA Federal wrote:
>>
>> Hi Micah,
>>
>> Yes, I was trying to avoid the situation where someone loads our map page
>> via https and our calls to services using http are blocked by the browser.
>>
>> I can have our sysadmin redirect all https requests to my page to http,
>> but was hoping to avoid that by simply making my service URLs protocol
>> relative.
>>
>> Is there a reason why services.ogc.noaa.gov requests a password for ssl?
>> Are there services that I can't get to via HTTP but can with HTTPS?
>>
>> Tim
>>
>> On Thu, Dec 4, 2014 at 9:48 AM, Micah Wengren - NOAA Federal
>> <micah.wengren at noaa.gov> wrote:
>>>
>>> Tim,
>>>
>>> Your goal is to have your web map SSL-enabled (to allow restricted views
>>> with a user login for example), or are you just trying to accommodate users
>>> who come in to the Fisheries website over HTTPS?
>>>
>>> If it's the latter, I think you should be able to hard-code the web map
>>> requests to go over HTTP regardless of which protocol users come to the site
>>> through.  This way they shouldn't get the login prompt from a non-NOAA
>>> network to access services.ogc.noaa.gov.  The drawback to that is that the
>>> browser will give a warning message because some content is coming over
>>> HTTP.  That's the case for the NOAA Data Catalog, because the tile provider
>>> only supports HTTP not HTTPS: https://data.noaa.gov/dataset (the browser
>>> will show a warning message rather than a secure connection message).
>>>
>>> It might be more complicated in your case though because you're making
>>> GetFeatureInfo requests to the service that return XML instead of map tiles.
>>> I don't know how that would differ.
>>>
>>>
>>> Can you look into that before we investigate making any changes to the
>>> HTTPS access policies?
>>>
>>>
>>> Micah
>>>
>>>
>>> On Wed, Dec 3, 2014 at 5:46 PM, Tim Haverland - NOAA Federal
>>> <tim.haverland at noaa.gov> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> Recently I've been trying to enable an application that uses noaa ogc
>>>> services to run under https. When I do so, the application runs when I'm at
>>>> work, but from home (and no VPN) it asks that I enter my noaa email
>>>> username/pwd.
>>>>
>>>> This is fine for me but won't work for public users of my application.
>>>>
>>>> Is there a reason that ssl access to services.ogc.noaa.gov requires
>>>> login for users that aren't on a noaa network (I assume).
>>>>
>>>> Here's the app if anyone want to see this behavior in action:
>>>>
>>>> Works anywhere:
>>>> http://www.st.nmfs.noaa.gov/humandimensions/social-indicators/map-copy
>>>>
>>>> Requires password for I assume non-noaa network users:
>>>> https://www.st.nmfs.noaa.gov/humandimensions/social-indicators/map-copy
>>>>
>>>> I suppose I could redirect users coming in on https to http, but that
>>>> causes other headaches on my end.
>>>>
>>>> Any thoughts?
>>>>
>>>> Tim
>>>>
>>>> --
>>>> Tim Haverland
>>>> Acting Operations Branch Chief
>>>> NOAA Fisheries Office of Science and Technology
>>>> 1315 East-West Highway
>>>> SSMC3 Rm 12303
>>>> Silver Spring, MD 20910
>>>> 301-427-8137
>>>>
>>>> _______________________________________________
>>>> Open.ogc mailing list
>>>> Open.ogc at list.woc.noaa.gov
>>>> https://list.woc.noaa.gov/cgi-bin/mailman/listinfo/open.ogc
>>>>
>>>
>>
>>
>>
>> --
>> Tim Haverland
>> Acting Operations Branch Chief
>> NOAA Fisheries Office of Science and Technology
>> 1315 East-West Highway
>> SSMC3 Rm 12303
>> Silver Spring, MD 20910
>> 301-427-8137
>>
>>
>
>
>
> --
> Tim Haverland
> Acting Operations Branch Chief
> NOAA Fisheries Office of Science and Technology
> 1315 East-West Highway
> SSMC3 Rm 12303
> Silver Spring, MD 20910
> 301-427-8137
>
> _______________________________________________
> Open.ogc mailing list
> Open.ogc at list.woc.noaa.gov
> https://list.woc.noaa.gov/cgi-bin/mailman/listinfo/open.ogc
>



-- 
Chi Y Kang
Principal Engineer
Phone: 301.628.5642
Cell: 240.338.1059

More information about the Open.ogc mailing list