[Open.ogc] services.ogc.noaa.gov password protected under SSL (https)

Wed Jan 7 18:16:26 UTC 2015

I'm calling URLs such as:

//services.ogc.noaa.gov/geoserver/nmfs_st/wfs
//services.ogc.noaa.gov/geoserver/nmfs_st/wms
//services.ogc.noaa.gov/geoserver/nmfs_st/ows

After looking at these URLs I realize that I'm including our workspace name
(nmfs_st). I'm not sure if that's necessary. Micah, do you know?

Tim

On Wed, Jan 7, 2015 at 12:25 PM, Chi Kang - NOAA Federal <
chi.y.kang at noaa.gov> wrote:

> Tim / Micah I don't think i have an issue getting more granular but I
> want to understand all the URLs involved first.
>
> Can someone outline them for me as an example?
>
>
> On Fri, Jan 2, 2015 at 5:11 PM, Tim Haverland - NOAA Federal
> <tim.haverland at noaa.gov> wrote:
> > What you suggest would be very helpful and allow my calls to geoserver
> to be
> > protocol relative.
> >
> > I have redirected all https calls to my map to http at the moment.
> >
> > Tim
> >
> > On Fri, Jan 2, 2015 at 5:07 PM, Micah Wengren <micah.wengren at noaa.gov>
> > wrote:
> >>
> >> Tim/WOC,
> >>
> >> I think the reason for the extra authentication step for HTTPS was to
> >> prevent public from being able to access /geoserver/web (with login form
> >> components) for preventing brute force password attacks and such.
> >>
> >> I can't think of a reason to not allow HTTPS access to the
> /geoserver/wms
> >> and /geoserver/wfs paths though.
> >>
> >> This might be something to look into potentially relaxing, if the WOC is
> >> willing to make that change and web server config allows it to that
> level of
> >> granularity.
> >>
> >> Micah
> >>
> >>
> >> On 12/4/2014 12:09 PM, Tim Haverland - NOAA Federal wrote:
> >>
> >> Hi Micah,
> >>
> >> Yes, I was trying to avoid the situation where someone loads our map
> page
> >> via https and our calls to services using http are blocked by the
> browser.
> >>
> >> I can have our sysadmin redirect all https requests to my page to http,
> >> but was hoping to avoid that by simply making my service URLs protocol
> >> relative.
> >>
> >> Is there a reason why services.ogc.noaa.gov requests a password for
> ssl?
> >> Are there services that I can't get to via HTTP but can with HTTPS?
> >>
> >> Tim
> >>
> >> On Thu, Dec 4, 2014 at 9:48 AM, Micah Wengren - NOAA Federal
> >> <micah.wengren at noaa.gov> wrote:
> >>>
> >>> Tim,
> >>>
> >>> Your goal is to have your web map SSL-enabled (to allow restricted
> views
> >>> with a user login for example), or are you just trying to accommodate
> users
> >>> who come in to the Fisheries website over HTTPS?
> >>>
> >>> If it's the latter, I think you should be able to hard-code the web map
> >>> requests to go over HTTP regardless of which protocol users come to
> the site
> >>> through.  This way they shouldn't get the login prompt from a non-NOAA
> >>> network to access services.ogc.noaa.gov.  The drawback to that is
> that the
> >>> browser will give a warning message because some content is coming over
> >>> HTTP.  That's the case for the NOAA Data Catalog, because the tile
> provider
> >>> only supports HTTP not HTTPS: https://data.noaa.gov/dataset (the
> browser
> >>> will show a warning message rather than a secure connection message).
> >>>
> >>> It might be more complicated in your case though because you're making
> >>> GetFeatureInfo requests to the service that return XML instead of map
> tiles.
> >>> I don't know how that would differ.
> >>>
> >>>
> >>> Can you look into that before we investigate making any changes to the
> >>> HTTPS access policies?
> >>>
> >>>
> >>> Micah
> >>>
> >>>
> >>> On Wed, Dec 3, 2014 at 5:46 PM, Tim Haverland - NOAA Federal
> >>> <tim.haverland at noaa.gov> wrote:
> >>>>
> >>>> Hi all,
> >>>>
> >>>> Recently I've been trying to enable an application that uses noaa ogc
> >>>> services to run under https. When I do so, the application runs when
> I'm at
> >>>> work, but from home (and no VPN) it asks that I enter my noaa email
> >>>> username/pwd.
> >>>>
> >>>> This is fine for me but won't work for public users of my application.
> >>>>
> >>>> Is there a reason that ssl access to services.ogc.noaa.gov requires
> >>>> login for users that aren't on a noaa network (I assume).
> >>>>
> >>>> Here's the app if anyone want to see this behavior in action:
> >>>>
> >>>> Works anywhere:
> >>>>
> http://www.st.nmfs.noaa.gov/humandimensions/social-indicators/map-copy
> >>>>
> >>>> Requires password for I assume non-noaa network users:
> >>>>
> https://www.st.nmfs.noaa.gov/humandimensions/social-indicators/map-copy
> >>>>
> >>>> I suppose I could redirect users coming in on https to http, but that
> >>>> causes other headaches on my end.
> >>>>
> >>>> Any thoughts?
> >>>>
> >>>> Tim
> >>>>
> >>>> --
> >>>> Tim Haverland
> >>>> Acting Operations Branch Chief
> >>>> NOAA Fisheries Office of Science and Technology
> >>>> 1315 East-West Highway
> >>>> SSMC3 Rm 12303
> >>>> Silver Spring, MD 20910
> >>>> 301-427-8137
> >>>>
> >>>> _______________________________________________
> >>>> Open.ogc mailing list
> >>>> Open.ogc at list.woc.noaa.gov
> >>>> https://list.woc.noaa.gov/cgi-bin/mailman/listinfo/open.ogc
> >>>>
> >>>
> >>
> >>
> >>
> >> --
> >> Tim Haverland
> >> Acting Operations Branch Chief
> >> NOAA Fisheries Office of Science and Technology
> >> 1315 East-West Highway
> >> SSMC3 Rm 12303
> >> Silver Spring, MD 20910
> >> 301-427-8137
> >>
> >>
> >
> >
> >
> > --
> > Tim Haverland
> > Acting Operations Branch Chief
> > NOAA Fisheries Office of Science and Technology
> > 1315 East-West Highway
> > SSMC3 Rm 12303
> > Silver Spring, MD 20910
> > 301-427-8137
> >
> > _______________________________________________
> > Open.ogc mailing list
> > Open.ogc at list.woc.noaa.gov
> > https://list.woc.noaa.gov/cgi-bin/mailman/listinfo/open.ogc
> >
>
>
>
> --
> Chi Y Kang
> Principal Engineer
> Phone: 301.628.5642
> Cell: 240.338.1059
>

-- 
*Tim Haverland*
Acting Operations Branch Chief
NOAA Fisheries Office of Science and Technology
1315 East-West Highway
SSMC3 Rm 12303
Silver Spring, MD 20910
301-427-8137
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.woc.noaa.gov/pipermail/open.ogc/attachments/20150107/ae8e02af/attachment.html>