Issue with admin authentication

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Issue with admin authentication

Annalisa Schiavon
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa

_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Annalisa Schiavon
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa


_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users

geoserver.log (18K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Alessio Fabiani-2
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa



_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Annalisa Schiavon
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Alessio Fabiani-2
Did you deleted the "admin" user from  GeoNode? Or removed privileged status? If yes it is normal, otherwise not.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 13, 2017 at 9:29 AM, Annalisa Schiavon <[hidden email]> wrote:
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users



_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Annalisa Schiavon
I didn't delete the "admin" user in geonode, but ... there is a default admin user in geonode? My superuser created with 

    geonode createsuperuser

is named "geonode".
I migrated a geonode 2.4 db (than execute $ geonode migrate --fake-initial); maybe I lost the admin user?
Among geonode users I have geonode, AnonymousUser and than my users created in 2.4.

In Geoserver, I've changed the default password of admin user and stop. 



2017-07-19 11:42 GMT+02:00 Alessio Fabiani <[hidden email]>:
Did you deleted the "admin" user from  GeoNode? Or removed privileged status? If yes it is normal, otherwise not.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 13, 2017 at 9:29 AM, Annalisa Schiavon <[hidden email]> wrote:
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Alessio Fabiani-2
In that case it might be a misconfiguration of the "GeoNode REST Role Service". Most likely if you try to enter it you will receive an error.

You need to double check manually the file inside the GEOSERVER_DATA_DIR:

$GEOSERVER_DATA_DIR/security/role/geonode\ REST\ role\ service/config.xml

and make sure this parameter points correctly to the base URL of your GeoNode instance

<baseUrl>http://localhost</baseUrl>


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 1:41 PM, Annalisa Schiavon <[hidden email]> wrote:
I didn't delete the "admin" user in geonode, but ... there is a default admin user in geonode? My superuser created with 

    geonode createsuperuser

is named "geonode".
I migrated a geonode 2.4 db (than execute $ geonode migrate --fake-initial); maybe I lost the admin user?
Among geonode users I have geonode, AnonymousUser and than my users created in 2.4.

In Geoserver, I've changed the default password of admin user and stop. 



2017-07-19 11:42 GMT+02:00 Alessio Fabiani <[hidden email]>:
Did you deleted the "admin" user from  GeoNode? Or removed privileged status? If yes it is normal, otherwise not.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 13, 2017 at 9:29 AM, Annalisa Schiavon <[hidden email]> wrote:
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users



_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Annalisa Schiavon
I can enter in GeoNode REST Role Service. <baseUrl> was my ip:
<baseUrl>http://192.168.31.80</baseUrl>
Now I set it to localhost. This is my screenshot:

Immagine incorporata 1


In Authentication filters, geonode-oauth2 is setted as below:

Immagine incorporata 2

what I wrong?
ClientID and Client Secret are equal to those in Geonode Admin

Thanks

2017-07-19 13:56 GMT+02:00 Alessio Fabiani <[hidden email]>:
In that case it might be a misconfiguration of the "GeoNode REST Role Service". Most likely if you try to enter it you will receive an error.

You need to double check manually the file inside the GEOSERVER_DATA_DIR:

$GEOSERVER_DATA_DIR/security/role/geonode\ REST\ role\ service/config.xml

and make sure this parameter points correctly to the base URL of your GeoNode instance

<baseUrl>http://localhost</baseUrl>


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 1:41 PM, Annalisa Schiavon <[hidden email]> wrote:
I didn't delete the "admin" user in geonode, but ... there is a default admin user in geonode? My superuser created with 

    geonode createsuperuser

is named "geonode".
I migrated a geonode 2.4 db (than execute $ geonode migrate --fake-initial); maybe I lost the admin user?
Among geonode users I have geonode, AnonymousUser and than my users created in 2.4.

In Geoserver, I've changed the default password of admin user and stop. 



2017-07-19 11:42 GMT+02:00 Alessio Fabiani <[hidden email]>:
Did you deleted the "admin" user from  GeoNode? Or removed privileged status? If yes it is normal, otherwise not.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 13, 2017 at 9:29 AM, Annalisa Schiavon <[hidden email]> wrote:
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Alessio Fabiani-2
You need to change those values:

1. GeoNode REST Role Service to -> <baseUrl>http://192.168.31.80</baseUrl>

2. Authentication filters, geonode-oauth2:

  Access Token URI to -> http://192.168.31.80/o/token/
  Check Token Endpoint URL to -> http://192.168.31.80/api/o/v4/tokeninfo/
  Scopes to -> write


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 3:25 PM, Annalisa Schiavon <[hidden email]> wrote:
I can enter in GeoNode REST Role Service. <baseUrl> was my ip:
<baseUrl>http://192.168.31.80</baseUrl>
Now I set it to localhost. This is my screenshot:

Immagine incorporata 1


In Authentication filters, geonode-oauth2 is setted as below:

Immagine incorporata 2

what I wrong?
ClientID and Client Secret are equal to those in Geonode Admin

Thanks

2017-07-19 13:56 GMT+02:00 Alessio Fabiani <[hidden email]>:
In that case it might be a misconfiguration of the "GeoNode REST Role Service". Most likely if you try to enter it you will receive an error.

You need to double check manually the file inside the GEOSERVER_DATA_DIR:

$GEOSERVER_DATA_DIR/security/role/geonode\ REST\ role\ service/config.xml

and make sure this parameter points correctly to the base URL of your GeoNode instance

<baseUrl>http://localhost</baseUrl>


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 1:41 PM, Annalisa Schiavon <[hidden email]> wrote:
I didn't delete the "admin" user in geonode, but ... there is a default admin user in geonode? My superuser created with 

    geonode createsuperuser

is named "geonode".
I migrated a geonode 2.4 db (than execute $ geonode migrate --fake-initial); maybe I lost the admin user?
Among geonode users I have geonode, AnonymousUser and than my users created in 2.4.

In Geoserver, I've changed the default password of admin user and stop. 



2017-07-19 11:42 GMT+02:00 Alessio Fabiani <[hidden email]>:
Did you deleted the "admin" user from  GeoNode? Or removed privileged status? If yes it is normal, otherwise not.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 13, 2017 at 9:29 AM, Annalisa Schiavon <[hidden email]> wrote:
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users



_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Annalisa Schiavon
I changed those values without success.
I can login with geonode user with admin permissions in geonode and also in geoserver, even if sometimes it fails. But also when geonode login fails in geoserver, waiting for a while, then I can access. I don't know why. Even without restart tomcat or apache.
But, for example, if I try to load a new layer I receive again this error:

Tried to make a GET request to http://localhost:8080/geoserver/rest/workspaces/default.xml but got a 404 status code: No such workspace: default

I have some WARNING and ERRORS in the logs, like:

org.geoserver.security.GeoServerRestRoleService$1 executeWithContext
WARNING: null
com.jayway.jsonpath.PathNotFoundException: No results for path: $['users'][0]['groups']
.....
ERROR [geoserver.rest] - No such workspace: default
24 Jul 13:06:12 ERROR [geoserver.rest] - 
org.geoserver.rest.RestletException
at org.geoserver.catalog.rest.WorkspaceFinder.findTarget(WorkspaceFinder.java:41)
.....
(my default workspace is named geonode ...)

If you want, I may attach full log.

For layers and maps already upload there are no problems, it seems.
Thanks




2017-07-20 11:19 GMT+02:00 Alessio Fabiani <[hidden email]>:
You need to change those values:

1. GeoNode REST Role Service to -> <baseUrl>http://192.168.31.80</baseUrl>

2. Authentication filters, geonode-oauth2:

  Access Token URI to -> http://192.168.31.80/o/token/
  Check Token Endpoint URL to -> http://192.168.31.80/api/o/v4/tokeninfo/
  Scopes to -> write


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 3:25 PM, Annalisa Schiavon <[hidden email]> wrote:
I can enter in GeoNode REST Role Service. <baseUrl> was my ip:
<baseUrl>http://192.168.31.80</baseUrl>
Now I set it to localhost. This is my screenshot:

Immagine incorporata 1


In Authentication filters, geonode-oauth2 is setted as below:

Immagine incorporata 2

what I wrong?
ClientID and Client Secret are equal to those in Geonode Admin

Thanks

2017-07-19 13:56 GMT+02:00 Alessio Fabiani <[hidden email]>:
In that case it might be a misconfiguration of the "GeoNode REST Role Service". Most likely if you try to enter it you will receive an error.

You need to double check manually the file inside the GEOSERVER_DATA_DIR:

$GEOSERVER_DATA_DIR/security/role/geonode\ REST\ role\ service/config.xml

and make sure this parameter points correctly to the base URL of your GeoNode instance

<baseUrl>http://localhost</baseUrl>


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 1:41 PM, Annalisa Schiavon <[hidden email]> wrote:
I didn't delete the "admin" user in geonode, but ... there is a default admin user in geonode? My superuser created with 

    geonode createsuperuser

is named "geonode".
I migrated a geonode 2.4 db (than execute $ geonode migrate --fake-initial); maybe I lost the admin user?
Among geonode users I have geonode, AnonymousUser and than my users created in 2.4.

In Geoserver, I've changed the default password of admin user and stop. 



2017-07-19 11:42 GMT+02:00 Alessio Fabiani <[hidden email]>:
Did you deleted the "admin" user from  GeoNode? Or removed privileged status? If yes it is normal, otherwise not.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 13, 2017 at 9:29 AM, Annalisa Schiavon <[hidden email]> wrote:
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Alessio Fabiani-2
Hello Annalisa,
it looks like your GeoNode instance is not enabled to provide users' roles via REST service.

I'm afraid your installation has something wrong, especially with the versions numbers.

In order to make a quick test using CURL:


you should receive the list of available groups on GeoNode


you should receive the list of available users on GeoNode


you should receive the list of available groups for admin user




Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Mon, Jul 24, 2017 at 1:33 PM, Annalisa Schiavon <[hidden email]> wrote:
I changed those values without success.
I can login with geonode user with admin permissions in geonode and also in geoserver, even if sometimes it fails. But also when geonode login fails in geoserver, waiting for a while, then I can access. I don't know why. Even without restart tomcat or apache.
But, for example, if I try to load a new layer I receive again this error:

Tried to make a GET request to http://localhost:8080/geoserver/rest/workspaces/default.xml but got a 404 status code: No such workspace: default

I have some WARNING and ERRORS in the logs, like:

org.geoserver.security.GeoServerRestRoleService$1 executeWithContext
WARNING: null
com.jayway.jsonpath.PathNotFoundException: No results for path: $['users'][0]['groups']
.....
ERROR [geoserver.rest] - No such workspace: default
24 Jul 13:06:12 ERROR [geoserver.rest] - 
org.geoserver.rest.RestletException
at org.geoserver.catalog.rest.WorkspaceFinder.findTarget(WorkspaceFinder.java:41)
.....
(my default workspace is named geonode ...)

If you want, I may attach full log.

For layers and maps already upload there are no problems, it seems.
Thanks




2017-07-20 11:19 GMT+02:00 Alessio Fabiani <[hidden email]>:
You need to change those values:

1. GeoNode REST Role Service to -> <baseUrl>http://192.168.31.80</baseUrl>

2. Authentication filters, geonode-oauth2:

  Access Token URI to -> http://192.168.31.80/o/token/
  Check Token Endpoint URL to -> http://192.168.31.80/api/o/v4/tokeninfo/
  Scopes to -> write


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 3:25 PM, Annalisa Schiavon <[hidden email]> wrote:
I can enter in GeoNode REST Role Service. <baseUrl> was my ip:
<baseUrl>http://192.168.31.80</baseUrl>
Now I set it to localhost. This is my screenshot:

Immagine incorporata 1


In Authentication filters, geonode-oauth2 is setted as below:

Immagine incorporata 2

what I wrong?
ClientID and Client Secret are equal to those in Geonode Admin

Thanks

2017-07-19 13:56 GMT+02:00 Alessio Fabiani <[hidden email]>:
In that case it might be a misconfiguration of the "GeoNode REST Role Service". Most likely if you try to enter it you will receive an error.

You need to double check manually the file inside the GEOSERVER_DATA_DIR:

$GEOSERVER_DATA_DIR/security/role/geonode\ REST\ role\ service/config.xml

and make sure this parameter points correctly to the base URL of your GeoNode instance

<baseUrl>http://localhost</baseUrl>


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 1:41 PM, Annalisa Schiavon <[hidden email]> wrote:
I didn't delete the "admin" user in geonode, but ... there is a default admin user in geonode? My superuser created with 

    geonode createsuperuser

is named "geonode".
I migrated a geonode 2.4 db (than execute $ geonode migrate --fake-initial); maybe I lost the admin user?
Among geonode users I have geonode, AnonymousUser and than my users created in 2.4.

In Geoserver, I've changed the default password of admin user and stop. 



2017-07-19 11:42 GMT+02:00 Alessio Fabiani <[hidden email]>:
Did you deleted the "admin" user from  GeoNode? Or removed privileged status? If yes it is normal, otherwise not.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 13, 2017 at 9:29 AM, Annalisa Schiavon <[hidden email]> wrote:
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users



_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users
Reply | Threaded
Open this post in threaded view
|

Re: Issue with admin authentication

Annalisa Schiavon
Here my test using CURL:

{"groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV", "admin"]}

{"users": [{"username": "AnonymousUser", "groups": ["anonymous"]}, {"username": "esar", "groups": ["anonymous", "ARPAV", "Authenticated-GeoNode-Users"]}, {"username": "OssAria", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "suoli", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "rifiuti", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "dapvr", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "nirweb", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "CFD_Idrologico", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "sirav", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "soaf", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "sier", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "OssAA", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "acqueInterne", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV"]}, {"username": "geonode", "groups": ["anonymous", "Authenticated-GeoNode-Users", "ARPAV", "admin"]}]}

{"users": []}

It's strange that it finds all users, also geonode of admin group, but not users/admin, don't it?
My geoserver configuration says:
JVM VersionOracle Corporation: 1.8.0_131 (OpenJDK 64-Bit Server VM)

During installation of GeoNode (30/5), I launched these commands:

~$ sudo apt-get update
~$ sudo apt-get upgrade
~$ sudo add-apt-repository  ppa:geonode/stable
~$ sudo apt-get update
~$ sudo apt-get install geonode
~$ sudo geonode-updateip 192.168.31.80
.... raise GeoNodeException('You must have an admin account configured '
geonode.GeoNodeException: You must have an admin account configured before importing data. Try: django-admin.py createsuperuser

~$ geonode createsuperuser
Username: geonode
Email address: [hidden email]
Password:
Password (again):
Superuser created successfully.

~$ sudo geonode-updateip 192.168.31.80

On 5/7 I make an upgrade :

~$ sudo apt-get update
~$ sudo apt-get upgrade
...Get:2 http://ppa.launchpad.net/geonode/stable/ubuntu xenial/main amd64 geonode all 2.6.1+thefinal0 [4,787 kB]
...
Setting up geonode (2.6.1+thefinal0) ...
Sourcing /usr/share/geonode/config-post.sh as the configuration file
        Step: 'post specified
Running GeoNode postinstall ...
Operations to perform:
  Apply all migrations: account
Running migrations:
  No migrations to apply.
  Your models have changes that are not yet reflected in a migration, and so won't be applied.
  Run 'manage.py makemigrations' to make new migrations, and then re-run 'manage.py migrate' to apply them.

...and than installed 2.6.1 ver.
Than installed geonode-project:

~$ django-admin startproject geoportale26 --template=https://github.com/GeoNode/geonode-project/archive/2.6.zip -epy,rst

~$ sudo pip install -e geoportale26


You advice an upgrade of geonode? Or there is other I can check?
Thanks



2017-07-24 14:32 GMT+02:00 Alessio Fabiani <[hidden email]>:
Hello Annalisa,
it looks like your GeoNode instance is not enabled to provide users' roles via REST service.

I'm afraid your installation has something wrong, especially with the versions numbers.

In order to make a quick test using CURL:


you should receive the list of available groups on GeoNode


you should receive the list of available users on GeoNode


you should receive the list of available groups for admin user




Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Mon, Jul 24, 2017 at 1:33 PM, Annalisa Schiavon <[hidden email]> wrote:
I changed those values without success.
I can login with geonode user with admin permissions in geonode and also in geoserver, even if sometimes it fails. But also when geonode login fails in geoserver, waiting for a while, then I can access. I don't know why. Even without restart tomcat or apache.
But, for example, if I try to load a new layer I receive again this error:

Tried to make a GET request to http://localhost:8080/geoserver/rest/workspaces/default.xml but got a 404 status code: No such workspace: default

I have some WARNING and ERRORS in the logs, like:

org.geoserver.security.GeoServerRestRoleService$1 executeWithContext
WARNING: null
com.jayway.jsonpath.PathNotFoundException: No results for path: $['users'][0]['groups']
.....
ERROR [geoserver.rest] - No such workspace: default
24 Jul 13:06:12 ERROR [geoserver.rest] - 
org.geoserver.rest.RestletException
at org.geoserver.catalog.rest.WorkspaceFinder.findTarget(WorkspaceFinder.java:41)
.....
(my default workspace is named geonode ...)

If you want, I may attach full log.

For layers and maps already upload there are no problems, it seems.
Thanks




2017-07-20 11:19 GMT+02:00 Alessio Fabiani <[hidden email]>:
You need to change those values:

1. GeoNode REST Role Service to -> <baseUrl>http://192.168.31.80</baseUrl>

2. Authentication filters, geonode-oauth2:

  Access Token URI to -> http://192.168.31.80/o/token/
  Check Token Endpoint URL to -> http://192.168.31.80/api/o/v4/tokeninfo/
  Scopes to -> write


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 3:25 PM, Annalisa Schiavon <[hidden email]> wrote:
I can enter in GeoNode REST Role Service. <baseUrl> was my ip:
<baseUrl>http://192.168.31.80</baseUrl>
Now I set it to localhost. This is my screenshot:

Immagine incorporata 1


In Authentication filters, geonode-oauth2 is setted as below:

Immagine incorporata 2

what I wrong?
ClientID and Client Secret are equal to those in Geonode Admin

Thanks

2017-07-19 13:56 GMT+02:00 Alessio Fabiani <[hidden email]>:
In that case it might be a misconfiguration of the "GeoNode REST Role Service". Most likely if you try to enter it you will receive an error.

You need to double check manually the file inside the GEOSERVER_DATA_DIR:

$GEOSERVER_DATA_DIR/security/role/geonode\ REST\ role\ service/config.xml

and make sure this parameter points correctly to the base URL of your GeoNode instance

<baseUrl>http://localhost</baseUrl>


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 19, 2017 at 1:41 PM, Annalisa Schiavon <[hidden email]> wrote:
I didn't delete the "admin" user in geonode, but ... there is a default admin user in geonode? My superuser created with 

    geonode createsuperuser

is named "geonode".
I migrated a geonode 2.4 db (than execute $ geonode migrate --fake-initial); maybe I lost the admin user?
Among geonode users I have geonode, AnonymousUser and than my users created in 2.4.

In Geoserver, I've changed the default password of admin user and stop. 



2017-07-19 11:42 GMT+02:00 Alessio Fabiani <[hidden email]>:
Did you deleted the "admin" user from  GeoNode? Or removed privileged status? If yes it is normal, otherwise not.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 13, 2017 at 9:29 AM, Annalisa Schiavon <[hidden email]> wrote:
I don't want to create a different admin user of Geoserver. But "admin" user (the default of Geoserver) is an Administrator if I set in Security settings, "Active role service" = "default". If I set "Active role service" = "geonode REST role service", the "admin" user is no longer an administrator but a common user with no permission.
This is my edit user page of admin user, when I set geonode REST role service:

Immagine incorporata 1

Is it normal? It's ok?

Thanks
Annalisa

2017-07-13 8:25 GMT+02:00 Alessio Fabiani <[hidden email]>:
As stated in the documentation, GeoServer still has its own internal users.

If you want to create an admin different from the default one in GeoServer also which works with basic auth also, you need to create a GeoServer internal user too.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:+39%200584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:+39%200584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:+39%20331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Wed, Jul 12, 2017 at 2:09 PM, Annalisa Schiavon <[hidden email]> wrote:
I add that if I run this command:


I get:
{"users": []}

The other cmd:


are ok.

I attach the last lines of geoserver.log

I've migrated from geonode 2.4 to geonode 2.6.
I've changed the geoserver data dir coping the original 2.9 and than replacing these directories from my geoserver 2.7:
  • data
  • layergroups
  • legendsamples
  • styles
  • workspace
Thanks for any reply
Annalisa


2017-07-12 12:48 GMT+02:00 Annalisa Schiavon <[hidden email]>:
Hi all.
I've followed this doc because I had some problems with permissions on layers: http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/index.html .

My geonode superuser is "geonode", so I access Geoserver with geonode and setted geonode REST role service as Active role service in Security settings. 

After doing this, I can no more login in Geoserver with admin user.
Unfortunately, I made a "updatelayer" with --remove-deleted option and this deleted all my layers from geonode. In geoserver there are all layers.

I try to change back Security settings and set it to "default". Now if I make an updatelayers, geonode recreate my layers (but I have to restore my old backups because I lost all metadata and link with the maps).

I hope that after restoring geonode DB and doing "geonode migrate --fake-initial" I'll return to my situation of yesterday.
But how should I set Security settings?

Thanks
Annalisa




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users




_______________________________________________
geonode-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-users