The presentation will provide a comprehensive introduction to GeoServer’s authentication and authorization subsystems. The authentication section will cover the supported protocols (e.g., Basic/Digest authentication) and identity providers (such as local configuration files, databases, LDAP servers, and OAuth2/OpenID Connect), including scenarios where the same source may fulfill both roles.

It will explain how to combine multiple authentication mechanisms into a unified and coherent security framework, and will present examples of custom authentication plugins for GeoServer, enabling integration with bespoke security architectures. The presentation will then address authorization, describing GeoServer’s pluggable authorization model and comparing it with external proxy-based solutions. The default service and data security system will also be examined, highlighting its strengths and limitations.

Finally, we will explore the advanced authorization provider, GeoFence. The various levels of integration with GeoServer will be presented, ranging from simple, seamless direct integration to more sophisticated external deployments. We will conclude by showcasing GeoFence’s powerful authorization capabilities, including:

• User- and role-based access control
• OGC service, workspace, layer, and layer group restrictions
• CQL read and write filters
• Attribute-level security
• Spatial filtering of raster and vector data based on areas of interest