Creating Temporary, Account-Based Access
To access securityGateway the user enters the address http://<SERVER>/gateway
.
In the dialog that follows, the user then enters the address of the WSS and edits the suggested name of the gateway: He can also lay down whether the gate is restricted to a particular IP address (the IP address of the invoking user is the default address).
It is also possible to state IP address ranges.
securityGateway integrates the name of the gateway in the user-specific section of the URL.
Because it is possible for anyone in possession of this URL to access the gateway with the rights of the logged on user, select a name which is difficult for others to deduce.
After clicking Login, the gateway sets up a connection with the given WSS, and displays the login page, where the user can sign in.
Alternatively, the user can sign in as a guest, without entering a username or password.
In this case they only have the rights that the system allows for users with a guest login.
In the case of a hybrid user management configuration the user has to use his qualified username which ends with a domain name (user@<domain>
).
Clicking Login again logs the user in temporarily and gives the user his own personal access address. This can be loaded as a WMS URL into any WMS client.
The authentication text is only performed once at the time of logging on. If the URL of the temporary gateway is revealed, it is possible that a third party can also sign in to the gateway. Inform your users accordingly! |
To protect misuse, bind the gateway to the IP address of the computer used to access the gateway through the browser. |