I have my GeoPortal 1.2.4 app all set up using connections to LDAP. Everything is working well security-wise, and now I want to enable single sign on. Without reading any documentation, I tried setting singleSignOn (in gpt.xml) to true to see what would happen. I am able to log in, and it shows my user name in the top with a welcome message and there is a logout link. After I navigate to any other page in the app (e.g.: click on "Search" tab), I am logged out.

So, I decided I needed to research this a bit, and found these instructions: https://github.com/Esri/geoportal-server/wiki/Single-Sign-On#Modify_the_webxml_File

Are those the correct instructions? We are using Tomcat, so I am following the Tomcat section in that documentation. The three sections in the docs are:

1) Modify the Tomcat server.xml File: The server.xml was already set up for LDAP before we started. We verified that everything was set up per the docs. As I said before, the connection to LDAP is working ok. No problems there - just trying to enable Single Sign On with other apps.

2) Update the geoportal gpt.xml file: Changed "false" to "true" - simple.

3) Modify the web.xml File: This is where I really ran into trouble. It tells us to uncomment certain sections, but our web.xml file looks NOTHING like the text in the instructions. Our security-constraint section looks like this:

    <!--security-constraint>
      <web-resource-collection>
        <web-resource-name>Restricted content</web-resource-name>
        <description>Restricted content</description>
        <url-pattern>/Eros</url-pattern>
        <url-pattern>/rest/usage/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint-->

Uncommenting this had no effect. I also tried copying the security-constraint from the docs into the file, but then we just get a Tomcat 403 error when we try to log in.

Can anyone help me figure this out? Security seems to be working ok in the GeoPortal as a stand-alone app, so we just want to enable single sign on now.

thanks!
Hi everyone. Here is my setup:

-- I have my geoportal connecting just fine to my LDAP.
-- I set <metadataAccessPolicy type="restricted"/>
-- The <groups> tag is configured OK, and seems to be finding my groups in LDAP.

Now, when I go to set an access level for a record, it shows me ALL the groups. Is there a way to get the <metadataManagementGroup> tags to specify to hide a given group? Some of them have to do with other apps, and are not relevant to metadata management.

thanks,
David