JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

1 of 11

pygeoapi-auth

authentication and authorization for pygeoapi

Youssef Harby

https://github.com/cartologic/pygeoapi-auth -deployment

2 of 11

docker run --rm -p 5000:80 geopython/pygeoapi:latest

Port : 80

Port : 5000

Host

Container

http://localhost:5000

3 of 11

But what if I have sensitive data?

4 of 11

We need to protect it !

Port : 80

Port : 5000

Host

Container

Or any reverse proxy

Port : 80

Port: 443

Port : 80

Port: 443

Host

5 of 11

But what about authorization !

Can access any collection/item

Now I know you

6 of 11

The Solution!

forward authentication

7 of 11

Architecture Diagram if HTTP 200 OK

Port : 80

Port : 9001

Port: 80

Port: 443

Port: 80

Port: 443

Host

User: yharby

app.pygeoapi.local/api/collections/obs

pygeoapi.local/?rd=https://app.pygeoapi.local/api/collections/obs&rm=GET

pygeoapi.local

app.pygeoapi.local

HTTP 200 OK

Response

Redirected to authelia with redirect needed endpoint in query params

Isolated Docker Network

8 of 11

Architecture Diagram HTTP 4xx KO

Port : 80

Port : 9001

Port: 80

Port: 443

Port: 80

Port: 443

Host

app.pygeoapi.local/api/collections/obs

pygeoapi.local/?rd=https://app.pygeoapi.local/api/collections/obs&rm=GET

pygeoapi.local

HTTP 4xx KO

ERROR

Redirected to authelia with redirect needed endpoint in query params

Isolated Docker Network

User: francbartoli

9 of 11

10 of 11

Todo list:

Enable OpenID Connect (https://www.authelia.com/integration/openid-connect/introduction/).
External user authentication (LDAP/Keycloak..etc).
Test against QGIS and other GIS desktop applications.

11 of 11

Q&A