Frequent Contributor
Posts: 121
Registered: ‎02-17-2016

Security Console questions

With the Geospatial SDI Security Console is it possible to

  • secure the Security Console, so that a password is required to access it?
  • secure the authorization bridge service, so that it checks against an AD group?
  • Increase the logging detail on either the Security Console or the auth bridge service to capture which users run the Security Console?
  • How can an audit of user, group, role and web service changes be made?

Thank you

Richard

Staff
Posts: 235
Registered: ‎02-04-2016

Re: Security Console questions

Hi Richard,

a) Password to access Security Console -- not aware of this feature, perhaps development should chime in.

Since the Security Console prompts for an authorization bridge service, a password for Security Console may be unnecessary IF the authorization bridge service is secured?

b) secure the authorization bridge service, so that it checks against an AD group? -- I see an <authentication> section in web.config:

		<!--
			The <authentication> section enables configuration
			of the security authentication mode used by
			ASP.NET to identify an incoming user.
		-->
		<authentication mode="Windows"/>

And security mode for AuthorizationBridgeBinding:

		<bindings>
			<wsHttpBinding>
				<binding name="AuthorizationBridgeBinding">
					<security mode="None"/>
				</binding>
			</wsHttpBinding>
		</bindings>

Again, need development input here.

c) & d) --> Auditing -- sounds like Enhancement Request.

HTH

Frank
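
An added example, not part of the thread and not Hexagon code: a small Python check that reads a web.config like the one quoted in the reply above and reports a binding with security mode="None" and the absence of any authorization rule. The wrapper elements in the sample and the function name `audit_web_config` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two fragments quoted in the reply above, placed in
# the standard web.config sections (the surrounding elements are assumed).
SAMPLE = """<configuration>
  <system.web>
    <authentication mode="Windows"/>
  </system.web>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="AuthorizationBridgeBinding">
          <security mode="None"/>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings for a web.config passed as a string."""
    root = ET.fromstring(xml_text)
    findings = []
    # WCF layer: report every binding that explicitly disables security.
    # A binding without a <security> element uses its type's default instead.
    for kind in root.findall("system.serviceModel/bindings/*"):
        for binding in kind.findall("binding"):
            sec = binding.find("security")
            if sec is not None and sec.get("mode", "").lower() == "none":
                findings.append(f"{kind.tag}/{binding.get('name')}: security mode=None")
    # ASP.NET layer: mode="Windows" identifies the caller but does not limit
    # access to a group; that takes <authorization> allow/deny rules. Whether
    # this service is subject to them depends on its WCF hosting mode, which
    # the page does not show.
    auth = root.find("system.web/authentication")
    mode = auth.get("mode") if auth is not None else None
    if mode != "Windows":
        findings.append(f"authentication mode is {mode!r}, expected 'Windows'")
    if not root.findall("system.web/authorization/deny"):
        findings.append("no <authorization> deny rule: no user or group restriction")
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE):
        print("FINDING:", finding)
```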

hbm
Staff
Posts: 285
Registered: ‎11-05-2015

Re: Security Console questions

None of this is available out of the box.

The security console has no provision for authentication. It might be possible to use the current logged on user credentials by configuring both ends (security console as client, authorization bridge as service) in the appropriate WCF sections. I don't think anyone ever tried this approach. Even so, the security console would then only display a "can't connect" message, without giving specific information as to the reason being unauthorized.

A very dirty approach at limiting who can run the security console would be using standard Windows file permissions ;)

No history logging is available in the authorization bridge but it seems to be actually a valid enhancement.

Staff
Posts: 235
Registered: ‎02-04-2016

Re: Security Console questions

Hi Richard,

CR-E 1-LGBYNN (Audit trail on Security Console) is filed.

Regards,

Frank
