This page last changed on Apr 07, 2011 by


Geoserver authentication is based on Spring Security and offers a user id / password login. After a successful login, the user has some predefined roles. Based on these roles, authorization takes place.
Spring Security offers many additional authentication mechanisms (HTTP Basic, HTTP Digest, X.509 certificate, OpenID, ...). Based on these mechanisms, a more powerful Geoserver authentication architecture should be developed.

Proposed By

Christian Mueller


The new Geoserver authentication plugin should be capable of multiplexing between a set of concrete authentication plugins. The motivation is to allow different authentication mechanisms for different clients. A typical scenario is access from web browsers and some desktop GIS systems. While browsers are capable of HTTP Digest authentication, desktop software normally is not and needs another mechanism.

At a minimum, the multiplexer passes the HttpServletRequest object into the concrete authentication plugins and asks each concrete plugin if it is responsible for this request. Responsibility can be based on IP addresses, user id patterns, HTTP header attributes and much more.

Proxy Authentication

Proxy authentication is possible. The proxy should pass the user id and the roles (optional) in the HttpServletRequest object.
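The multiplexing and proxy authentication ideas above, as an added Java sketch (Java 16 or later) that is not Geoserver or proposal code: the proxy plugin claims a request only when it comes from the proxy's own address, so a client cannot assert an identity by sending the header itself. The Request record stands in for HttpServletRequest; the header names, addresses, account, role name and the first-match, fail-closed policy are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
// Added illustration: type, header and account names are hypothetical, not Geoserver or Spring Security API.
public class AuthMultiplexerDemo {
    // Stand-in for the parts of HttpServletRequest the plugins inspect.
    record Request(String remoteAddr, Map<String, String> headers) {}
    record User(String id, Set<String> roles) {}
    interface AuthPlugin {
        boolean isResponsible(Request r);
        Optional<User> authenticate(Request r); // empty means the login failed
    }
    // Claims a request only from the proxy's own address; identity headers from anyone else are ignored.
    record ProxyPlugin(String proxyAddr) implements AuthPlugin {
        public boolean isResponsible(Request r) { return proxyAddr.equals(r.remoteAddr()); }
        public Optional<User> authenticate(Request r) {
            if (!isResponsible(r)) return Optional.empty();
            String id = r.headers().get("X-Proxy-User");                  // assumed header name
            String roles = r.headers().getOrDefault("X-Proxy-Roles", ""); // roles are optional
            if (id == null || id.isBlank()) return Optional.empty();
            Set<String> parsed = roles.isBlank() ? Set.of() : Set.copyOf(List.of(roles.split(",")));
            return Optional.of(new User(id, parsed));
        }
    }
    // HTTP Basic for clients without Digest support; passwords are compared in constant time.
    record BasicPlugin(Map<String, String> passwords) implements AuthPlugin {
        public boolean isResponsible(Request r) { return r.headers().getOrDefault("Authorization", "").startsWith("Basic "); }
        public Optional<User> authenticate(Request r) {
            if (!isResponsible(r)) return Optional.empty();
            byte[] raw;
            try { raw = Base64.getDecoder().decode(r.headers().get("Authorization").substring(6)); }
            catch (IllegalArgumentException e) { return Optional.empty(); } // malformed Base64
            String[] up = new String(raw, StandardCharsets.UTF_8).split(":", 2);
            String expected = up.length == 2 ? passwords.get(up[0]) : null;
            boolean ok = expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), up[1].getBytes(StandardCharsets.UTF_8));
            return ok ? Optional.of(new User(up[0], Set.of("ROLE_USER"))) : Optional.empty();
        }
    }
    // The first plugin that claims the request decides; an unclaimed request is rejected (fail closed).
    static Optional<User> authenticate(List<AuthPlugin> plugins, Request r) {
        for (AuthPlugin p : plugins) if (p.isResponsible(r)) return p.authenticate(r);
        return Optional.empty();
    }
    public static void main(String[] args) {
        List<AuthPlugin> chain = List.of(new ProxyPlugin("10.0.0.5"), new BasicPlugin(Map.of("alice", "s3cret")));
        // Constructed requests: one from the proxy, one sending the proxy header from another address.
        System.out.println(authenticate(chain, new Request("10.0.0.5", Map.of("X-Proxy-User", "bob", "X-Proxy-Roles", "ROLE_ADMIN"))));
        System.out.println(authenticate(chain, new Request("203.0.113.9", Map.of("X-Proxy-User", "bob"))));
    }
}
```

Nothing here creates a session: every request is authenticated from its own contents, which matches the stateless requirement for OGC services.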

Custom Authentication Module

Geoserver users should be able to develop their own custom authentication module(s). A typical scenario is authentication against a user-installed authentication database (SQL, LDAP).

PAM functionality

If you are new to PAM, look here. The basic idea is that a concrete authentication module can also be a stack of other modules. One scenario is having to log a user in to two or more security backends, where all of the logins must be successful.

Load Balancing / Failover

Care must be taken in such scenarios. OGC services are stateless, and it does not make sense to create an HttpSession object solely for authentication. In short, even protected OGC services will remain stateless.

Admin GUI

The admin GUI has to be extended to support configuration of the above concepts.

REST Configuration

All configurations should be possible using REST services.


The new architecture will not break any already deployed Geoserver installations using the current security subsystem.
