Re: [ferret_users] [Fwd: Re: OPeNDAP authentication]

[Thomas LOUBRIEU <Thomas.Loubrieu@xxxxxxxxxx>]

I confirm,
You can try to access this URL which is protected with CAS (Central 
Authentication Service) :
http://www.ifremer.fr/thredds3/standard/dodsC/ARIVO-GLOBAL-ARRGL05-OBS/arragl05_m05.nc 
<http://www.ifremer.fr/thredds3/standard/dodsC/ARIVO-GLOBAL-ARRGL05-OBS/arragl05_m05.nc.html>
The client need to parse the web authentication form to get some 
information, then send login/password information (with get or post http 
request) to the authentication server, at last come back to the TDS server.

We did the work by updating the java opendap API (see the GUI interface 
: https://gforge.ifremer.fr/wiki/doku.php?id=carkinus:download).

Tony Jolibois and  John Caron have a login to access this URL, 
unfortunatly I cannot give anybody a login, but if some of you are 
interested in testing it, please let me know.

Thomas

PS. The latest version of CAS may enable easier programmatic access to 
the authentication server. I'm not sure about that.





Jolibois Tony wrote:
> Hi Ansley,
> I think your solution will work with simple apache authentication, but 
> not with a single sign on service like Central Authentication Service 
> (http://www.jasig.org/cas).
> Do you confirm ?
>
> Thanks,
> Tony
>
> Ansley Manke a écrit :
> > Hi Tony,
> > If the OPeNDAP server is set to do authentication, then you need only 
> > specify the username and password in the OPeNDAP URL, and Ferret will 
> > open the file.
> >
> > For the syntax, see section 2.7.4 under "Access to Remote Data Sets 
> > with DODS"
> >
> > http://ferret.pmel.noaa.gov/Ferret/documentation/users-guide/data-set-basics/ACCESS-TO-REMOTE-DATA-SETS-WITH-DODS
> >
> >
> > Jolibois Tony wrote:
> > >    Hi all,
> > >
> > > Following a discussion on opendap-tech list, does ferret, as opendap 
> > > client, support SSO connection (in the case an opendap server is 
> > > protected by this authentication service) ? If no, is this 
> > > modification planned ?
> > >
> > > Thanks,
> > > Tony
> > >
> > >
> > > ------------------------------------------------------------------------
> > >
> > > Subject:
> > > Re: [Opendap-tech] [thredds] OPeNDAP authentication
> > > From:
> > > James Gallagher <jgallagher@xxxxxxxxxxx>
> > > Date:
> > > Fri, 28 Aug 2009 09:28:09 -0600
> > > To:
> > > Pauline Mak <pauline.mak@xxxxxxxxxxx>, THREDDS THREDDS 
> > > <thredds@xxxxxxxxxxxxxxxx>, Tech OPeNDAP <opendap-tech@xxxxxxxxxxx>
> > >
> > > To:
> > > Pauline Mak <pauline.mak@xxxxxxxxxxx>, THREDDS THREDDS 
> > > <thredds@xxxxxxxxxxxxxxxx>, Tech OPeNDAP <opendap-tech@xxxxxxxxxxx>
> > >
> > >
> > > On Aug 27, 2009, at 5:04 PM, John Caron wrote:
> > >
> > >   
> > > > Pauline Mak wrote:
> > > >     
> > > > > Hi all,
> > > > >
> > > > > Is there any documentation on OPeNDAP/G, or THREDDS with X509  
> > > > > documentation?  We're interested in using authentication (and  
> > > > > naturally, authorisation) for some of our datasets.  I would like  
> > > > > to see if I can do a test setup over here, but I can't seem to find  
> > > > > any documentation on doing this...  Interestingly, does OPeNDAP  
> > > > > client libraries already support this?
> > > > >
> > > > > Thanks!
> > > > >
> > > > > -Pauline.
> > > > >
> > > > >       
> > > > For TDS, you can use standard Tomcat authentication, see  
> > > > authentication section of this:
> > > >
> > > > http://www.unidata.ucar.edu/projects/THREDDS/tech/tds4.0/reference/index.html
> > > >
> > > > Im guessing same for Hyrax. OPeNDAP client libraries should support  
> > > > this, as its based on standard HTTP mechanism.
> > > >     
> > >
> > > Yes, as both Patrick and John suggest, Hyrax depends on Tomcat for  
> > > security. Here's the documentation on that: http://docs.opendap.org/index.php/Hyrax_-_OLFS_Configuration#Authentication_.26_Authorization
> > >
> > > The C++ library and new C client-side library (and thus new netCDF DAP  
> > > access) support cookies which is, I believe, what is required for  
> > > single sign on systems, although more might be required on the server  
> > > side.
> > >
> > > James
> > >   
> > > > _______________________________________________
> > > > thredds mailing list
> > > > thredds@xxxxxxxxxxxxxxxx
> > > > For list information or to unsubscribe,  visit: http://www.unidata.ucar.edu/mailing_lists/
> > > >     
> > >
> > > --
> > > James Gallagher
> > > jgallagher at opendap.org
> > > 406.723.8663
> > >
> > > _______________________________________________
> > > opendap-tech mailing list
> > > opendap-tech@xxxxxxxxxxx
> > > http://mailman.opendap.org/mailman/listinfo/opendap-tech
> > >
> > >
> > >
> > >
> > >
> > >
> > >                            Cliquez sur l'url suivante 
> > > https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg==>  
> > >                     si ce message est indésirable (pourriel).
> > >   
>
>
> --
>
> Tony Jolibois
> CLS
> Direction Océanographie Spatiale/Information & Diffusion de Produits
> 8-10 rue Hermes
> 31526 Ramonville-St-Agne Cedex
> France
> Tel: (+33) 05 61 39 37 97
> Fax: (+33) 05 61 39 37 82
>
>   

--


-------------------------------------------------------------
Thomas LOUBRIEU
IFREMER IDM/ISI
BP70
29280 Plouzane
FRANCE
 
email: Thomas.Loubrieu@xxxxxxxxxx
WWW  : http://www.coriolis.eu.org/cdc
Tel.:  (+33) (0)2 98 22 48 53
Fax:   (+33) (0)2 98 22 46 44 

-------------------------------------------------------------