GeoServer Admin Guide

This guide provides information for SDL Administrators on managing GeoServer authentication, user roles, and system configuration.

User Administration

Making a User a GeoServer Administrator

This is only applicable if you already have an admin account in Keycloak. Otherwise ask an SDL admin to make you a GeoServer administrator.

  1. Log in to Keycloak with existing admin credentials

  2. Create a new user/update an existing user

  3. Select the Role Mappings tab

  4. Add the GEOSERVER_ADMIN role

Authentication Configuration

Verifying Authentication Filter Chain

  1. Navigate to Security > Authentication

  2. Current filter chain configuration is displayed under Filter Chains

  3. For OIDC, the filter chain (in web and rest) should be:

    • OIDC

    • Anonymous

Modifying Filter Chain

  1. Under Filter Chains, select the chain to modify

  2. Use the arrows to change filter order or add/remove filters

  3. Click Close then Save to apply changes

OIDC Configuration

UI Location

  1. Navigate to Security > Authentication

  2. Look for oidc authentication filter

For the OIDC filter to work, the following environment variable had to be set: 
  - name: DISABLE_SECURITY_FILTER
    value: "true"

Setting this variable will disable the antiClickJackingOption security filter from the Tomcat configuration.

Important configuration files are located at:

  • Web config: /build_data/web.xml

  • Auth filter config: /opt/geoserver/data_dir/security/config.xml

  • OIDC config: /opt/geoserver/data_dir/security/filter/oidc/config.xml

  • Keycloak config: /opt/geoserver/data_dir/security/role/keycloak_service/config.xml

Troubleshooting

Layer Classification Misconfiguration

Layer classification misconfigation occurs when a user saves an invalid classfication string as a layer’s classication keyword, or when a user sets multiple classifications on a layer. If a user misconfgures a layer’s classification, the SDL user will need to refer to a user’s support ticket for the intended layer classification and correct their issue via the following steps:

  1. In the Layers view, identify the misconfigured error — the misconfigured layer’s name should be in the ticket

  2. Enter the layer’s configuration page and navigate to the Keywords section and delete all classification keywords present on the layer

  3. Create the correct classification:

    • Type the layer classification into the New Keyword text box

    • In the dropdown, select "English"

    • Type "Classification" into the Vocabulary text box

  4. Click Add Keyword

  5. Click Save at the bottom of the page.