FOSS4G 2023

GeoSolutions has been involved in a number of projects, ranging from local administrations to global institutions, involving GeoNode deployments, customizations and enhancements. A gallery of projects and use cases will showcase the versatility and effectiveness of GeoNode, both as a standalone application and as a service component, for building secured geodata catalogs and web mapping services, dashboards and geostories. In particular the recent advancements in data ingestion and harvesting workflows will be presented, along with the many ways to expose its secured services to third party clients. Examples of GeoNode’s builtin capabilities for extending and customizing its frontend application will be showcased.

This presentation will introduce the attendees to those which are GeoNode's current capabilities and to some practical use cases of particular interest in order to also highlight the possibility of customization and integration. We will provide a summary of new features added to GeoNode in the last release together with a glimpse of what we have planned for next year and beyond, straight from the core developers.

The presentation will provide a comprehensive introduction to GeoServer's own authentication and authorization subsystems. The authentication part will cover the various supported authentication protocols (e.g. basic/digest authentication, CAS, OAuth2) and identity providers (such as local config files, database tables, and LDAP servers). It will also cover the recent improvements implemented with the OpenID integrations and the refreshed Keycloak integration.

It will explain how to combine various authentication mechanisms in a single comprehensive authentication tool, as well as provide examples of custom authentication plugins for GeoServer, integrating it in a home-grown security architecture. We’ll then move on to authorization, describing the GeoServer pluggable authorization mechanism, and comparing it with an external proxy-based solution. We will explain the default service and data security system, reviewing its benefits and limitations.

Finally, we’ll explore the advanced authorization provider, GeoFence. The different levels of integration with GeoServer will be presented, from the simple and seamless direct integration to the more sophisticated external setup. Finally, we’ll explore GeoFence’s powerful authorization rules using:

• The current user and its roles.
• The OGC services, workspace, layer, and layer group.
• CQL read and write filters.
• Attribute selection.
• Cropping raster and vector data to areas of interest.