Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Editing style requires authentication #11282

Open
NyakudyaA opened this issue Jul 20, 2023 · 6 comments
Open

Editing style requires authentication #11282

NyakudyaA opened this issue Jul 20, 2023 · 6 comments

Comments

@NyakudyaA
Copy link
Contributor

Problem

When running GeoNode in a Kubernetes cluster and trying to update the style you encounter the following

image

This is due to the checkpoint URLs which are being written to the${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/config.xml as http://geonode:80/api/o/v4/tokeninfo/

Solution

  • Update set_geoserver_auth.sh to the following
 # Setting new substituted value
    case $i in
        proxyBaseUrl )
            if [ ${GEONODE_LB_HOST_IP} ]
            then
                echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$SUBSTITUTION_URL'"
                newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$SUBSTITUTION_URL@"`
            else
                echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$NGINX_BASE_URL'"
                newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$NGINX_BASE_URL@"`
            fi;;
        accessTokenUri |  baseUrl )
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$NGINX_BASE_URL'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$NGINX_BASE_URL@"`;;
        checkTokenEndpointUrl |userAuthorizationUri | redirectUri | logoutUri )
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$SUBSTITUTION_URL'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$SUBSTITUTION_URL@"`;;
        *) echo -n "an unknown variable has been found";;
    esac

This will allow the checkpoint URL to be https://${GEONODE_LB_HOST_IP}/api/o/v4/tokeninfo/

This also works for docker-compose versions as this changes the checkpoint URL to communicate over the external IP / domain
@AlexGacon
Copy link

Hello. I managed to have it working on K8s by simply setting the SUBSTITUTION_URL variable to a suitable value.

@mwallschlaeger
Copy link
Member

hey are you using genode-k8s on this? i run into the same issue there, maybe we can add it to the kis deployment

@ridoo
Copy link
Contributor

ridoo commented Oct 23, 2023

This is due to the checkpoint URLs which are being written to the${GEOSERVER_DATA_DIR}/security/role/geonode REST role service/config.xml as http://geonode:80/api/o/v4/tokeninfo/

Solution

  • Update set_geoserver_auth.sh to the following
 # Setting new substituted value
    case $i in
        proxyBaseUrl )
            if [ ${GEONODE_LB_HOST_IP} ]
            then
                echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$SUBSTITUTION_URL'"
                newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$SUBSTITUTION_URL@"`
            else
                echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$NGINX_BASE_URL'"
                newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$NGINX_BASE_URL@"`
            fi;;
        accessTokenUri |  baseUrl )
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$NGINX_BASE_URL'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$NGINX_BASE_URL@"`;;
        checkTokenEndpointUrl |userAuthorizationUri | redirectUri | logoutUri )
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$SUBSTITUTION_URL'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@http://localhost(:8.*0)@$SUBSTITUTION_URL@"`;;
        *) echo -n "an unknown variable has been found";;
    esac

I guess you refer to the set_geoserver_auth.sh part of the latest GeoServer version used by GeoNode v4.3.1. (As far as I know, the GeoServer image used here had been built from the GeoNode project repository).

Seems to be outdated (at least compared with master). SUBSTITUTION_URL seems not being used anymore:

case $i in
        authApiKey)
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$OAUTH2_API_KEY'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@.*@$OAUTH2_API_KEY@"`;;
        cliendId)
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$OAUTH2_CLIENT_ID'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@.*@$OAUTH2_CLIENT_ID@"`;;
        clientSecret)
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$OAUTH2_CLIENT_SECRET'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@.*@$OAUTH2_CLIENT_SECRET@"`;;
        proxyBaseUrl | redirectUri | userAuthorizationUri | logoutUri )
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$GEOSERVER_LOCATION'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@^(https?://[^/]+)@${GEOSERVER_LOCATION%/}@"`;;
        baseUrl | accessTokenUri | checkTokenEndpointUrl )
            echo "DEBUG: Editing '$auth_conf_source' for tagname <$i> and replacing its value with '$GEONODE_LOCATION'"
            newvalue=`echo -ne "$tagvalue" | sed -re "s@^(https?://[^/]+)@${GEONODE_LOCATION%/}@"`;;
        *) echo -n "an unknown variable has been found";;
    esac

Note: Some refactoring had been done recently, based on a (longer) discussion to carve out Docker components to a dedicated repository (for transparency and maintenance reasons). In general, all such discussion are also related to the question, how to improve to upgrade GeoNode to newer versions.

This was referenced Oct 23, 2023
Closed
Closed
@SimonAnnetts
Copy link

SimonAnnetts commented Oct 24, 2023
edited

I'm seeing this issue on 4.1.3 final running on docker on Ubuntu 22.04LTS. I pulled the 4.1.x branch from github up to tag 4.1.3.
I can't seem to find the set_geoserver_auth.sh file in this repo. Any idea how I can fix this as it's impossible now to edit styles?

@mwallschlaeger
Copy link
Member

hey @SimonAnnetts I figured it out for the kubernetes deployment, see my PR on zalf-rdm/geonode-k8s#104 . I would you guide to check the geonode admin interface -> Django OAuth Toolkit -> Applications -> GeoServer and check that the clientID and clientSecret are set. Same thing on geoserver side, login as admin into geoserver click yourself to security -> authentication and click on the geonode-oauth2 Authentication Filter. Check if the clientID and clientSecret is the same as in geonode. Further check if the urls are configured properly.

@SimonAnnetts
Copy link

@mwallschlaeger thanks for that. Checked and all good now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@SimonAnnetts @ridoo @NyakudyaA @AlexGacon @mwallschlaeger