Installation
With security.manager for OGC, you can control access to OGC services such as WMS and WFS. security.manager for OGC allows you to secure multiple services simultaneously, as long as the services are accessible via the same host. If you want to protect services that are accessible via different hosts, you need separate installations of security.manager for OGC for each host.
The commissioning of security.manager for OGC consists of the following steps:
- Installation of the security.manager for OGC Web App in Tomcat.
- Add configuration files.
- Test the installation.
Requirements
Before you begin the installation, ensure that the following requirements are met:
- The host on which you want to run security.manager for OGC meets the system requirements.
- You have file access for the host to copy files to the Tomcat webapps directory and create configuration files.
Install web app
- Unpack the security.manager for OGC rollout file security.manager-for-OGC-<version>.zip to a folder of your choice. The folder will be referred to as [SECMAN_DIST] in the following sections.
- Copy [SECMAN_DIST]/secman-ogc.war into the webapps folder of your Tomcat installation.
Since no configuration has been done yet, security.manager for OGC cannot be started.
Add configuration
In this step, you provide the necessary configuration files for security.manager for OGC. To do this, you copy template configuration files from the rollout file to the configuration directory of security.manager for OGC.
The location of the configuration directory is by default ${user.home}/.secman-ogc, i.e. in the home directory of the user running the Tomcat server.
For information on how to determine the path of ${user.home}, see the explanations on the configuration directory.
- Create the configuration directory if it does not already exist, for example C:\Users\tomcat\.secman-ogc on Windows or /home/tomcat/.secman-ogc on Linux.
- Copy the files and folders from the [SECMAN_DIST]/config-template directory to the configuration directory.
  The folder should then have the following structure:

  Example of the configuration directory

  .secman-ogc/
  ├── policies/
  │   └── policy-example.json
  ├── application.properties
  └── server-config.json

- Restart security.manager for OGC by restarting the Tomcat server.
Test the installation
After restarting Tomcat, you should check whether the installation and configuration were successful.
To do this, follow these steps:
- Open the log file of security.manager for OGC, which you can find at [TOMCAT]/logs/ct-secman-ogc.log. If the log file does not exist, check the instructions in the Troubleshooting section.
- Search for the following message at the end of the log file:

  ... [SUCCESS] security.manager for OGC started

If you find this message, the installation was successful.
Troubleshooting
If the installation was not successful, you should check the entries in the log file of security.manager for OGC.
The log file does not exist
If the log file [TOMCAT]/logs/ct-secman-ogc.log does not exist, please check the following points:
- Ensure that the Tomcat server is running.
- Check the Tomcat logs for error messages regarding the deployment of the security.manager for OGC web app.
- Ensure that the secman-ogc.war file is present in the Tomcat webapps directory.
The log file does not contain a success message
If the log file [TOMCAT]/logs/ct-secman-ogc.log exists but does not contain the success message [SUCCESS] security.manager for OGC started, please check the following points:
- Check the log file for error messages. Often the error messages provide direct instructions on how to fix the problem.
- Ensure that the configuration files server-config.json and application.properties are present in the configuration directory of security.manager for OGC.
- Ensure that the configuration files contain valid JSON or valid properties.
- Correct any errors in the configuration files and restart the Tomcat server.
You must restart the Tomcat server for changes to the configuration files to take effect. Then check the log file again.
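The checks from "Test the installation" and "Troubleshooting" can be combined into one script. The following is an added example, not part of the product or its documentation. The function name check_installation, the 20-line tail window and the file-timestamp restart heuristic are assumptions, and application.properties is only checked for presence.

```python
import json
import tempfile
from pathlib import Path

SUCCESS_MARKER = "[SUCCESS] security.manager for OGC started"  # message quoted on the page
REQUIRED_FILES = ("server-config.json", "application.properties")


def check_installation(config_dir, log_file, tail_lines=20):
    """Return a list of findings; an empty list means every check passed."""
    config_dir, log_file = Path(config_dir), Path(log_file)
    findings = [f"missing configuration file: {name}"
                for name in REQUIRED_FILES if not (config_dir / name).is_file()]
    # server-config.json and the policy files must parse as strict JSON.
    json_files = [config_dir / "server-config.json", *sorted(config_dir.glob("policies/*.json"))]
    for path in json_files:
        if path.is_file():
            try:
                json.loads(path.read_text(encoding="utf-8"))
            except ValueError as exc:
                findings.append(f"invalid JSON in {path.relative_to(config_dir)}: {exc}")
    if not log_file.is_file():
        return findings + ["log file does not exist"]
    # Only the END of the log counts: a success line from an earlier start
    # must not hide a failed restart. tail_lines is an assumed window size.
    tail = log_file.read_text(encoding="utf-8", errors="replace").splitlines()[-tail_lines:]
    if not any(SUCCESS_MARKER in line for line in tail):
        findings.append("no success message at the end of the log file")
    # Heuristic (assumption): a configuration file newer than the last log write
    # means Tomcat was not restarted after the edit, so the change is not active.
    tracked = [p for p in [*json_files, config_dir / "application.properties"] if p.is_file()]
    if any(p.stat().st_mtime > log_file.stat().st_mtime for p in tracked):
        findings.append("configuration changed after the last log entry: restart Tomcat")
    return findings


if __name__ == "__main__":
    # Constructed sample: a truncated server-config.json and a log whose only
    # success line belongs to an earlier start, followed by 30 later entries.
    with tempfile.TemporaryDirectory() as tmp:
        cfg, log = Path(tmp, ".secman-ogc"), Path(tmp, "ct-secman-ogc.log")
        cfg.mkdir()
        (cfg / "application.properties").write_text("# constructed\n")
        (cfg / "server-config.json").write_text('{"unterminated": ')
        log.write_text(f"... {SUCCESS_MARKER}\n" + "... constructed later entry\n" * 30)
        for finding in check_installation(cfg, log):
            print("FAIL:", finding)
```

On a real host, pass the configuration directory of the user running Tomcat and [TOMCAT]/logs/ct-secman-ogc.log to check_installation.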
Next steps
The configuration you created with this installation guide uses example values that you must adapt to your environment.
To familiarize yourself with the product and its configuration, you should next look at one of the tutorials for securing WMS or WFS. They demonstrate step by step how to control access to services with security.manager for OGC.
To enforce policies based on user roles you need to connect security.manager for OGC to the Identity Service. How to establish the connection is described in the how-to Connect Identity Service.
security.manager for OGC acts as a proxy for a service URL with which you can enforce fine-grained permissions. This only applies to requests that clients send to the security.manager for OGC endpoint. You therefore must prevent direct access to the protected service so that clients cannot bypass security.manager for OGC. One way to prevent direct access is described in the how-to Protect service requiring authentication.
Also familiarize yourself with the how-to Configure URL rewriting. It explains under which circumstances it is advisable to disable URL rewriting by security.manager for OGC.