52n WSS: Restrict access to your OGC Web Service

The 52n Web Enforcement Service (WSS) is the gatekeeper of your protected services. It analyzes each service request sent to a protected service and asks:

  • Is the requesting user authenticated, e.g. by presenting a SAML ticket of an accepted WAS or a valid username and password?
  • Does the identified user have permission to perform the request, e.g. to access a certain WMS layer?
  • Is there some information that has to be hidden from this user, like certain WMS layers?

Identify Users

The WSS accepts identity and request information in several ways. We call these _Authentication Schemes_. The currently supported authentication schemes are:

  • HTTP Basic Authentication: widely accepted and implemented
  • WSS Protocol: a dedicated protocol to transmit arbitrary identity information
  • No authentication: Connect to WSS without any identity information and act as an anonymous user

Protect more than one service

A single WSS installation can serve as a gatekeeper for an arbitrary number of services that need protection. Just create a new Enforcement Point inside your WSS to set up an access point to a secured service. For each Enforcement Point you can define the type of service that is protected and which authentication schemes are active, depending on what your clients are able to use.

Authorize Requests and Responses

The core functionality of a WSS is to analyze incoming requests to the protected service as well as outgoing responses from the service. The 52n WSS implementation incorporates the Interceptor framework, which handles this analysis. Each interceptor handles one authorization task specific to a service type, such as analyzing WMS GetMap requests.
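The three checks described on this page (identify the user, authorize the request, filter the response) can be sketched as follows. This is an added illustration, not 52n WSS code or its Interceptor API: the function names `identify`, `check_getmap` and `filter_capabilities`, the user table, the layer permissions and the simplified capabilities document are all hypothetical and constructed for the example.

```python
import base64, hmac
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Constructed sample data (hypothetical users, permissions and capabilities).
USERS = {"alice": "s3cret"}
ALLOWED_LAYERS = {"alice": {"roads"}, "anonymous": {"basemap"}}
CAPABILITIES = ("<Capability><Layer><Name>basemap</Name></Layer>"
                "<Layer><Name>roads</Name></Layer>"
                "<Layer><Name>pipelines</Name></Layer></Capability>")

def identify(headers):
    """Authentication scheme: HTTP Basic if a header is sent, else anonymous."""
    auth = headers.get("Authorization")
    if auth is None:
        return "anonymous"
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        raise PermissionError("unsupported authentication scheme")
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # bad base64 or bad UTF-8
        raise PermissionError("malformed credentials") from None
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(password.encode(), expected.encode()):
        raise PermissionError("invalid credentials")
    return user

def check_getmap(user, query):
    """Request interceptor: reject GetMap if any requested layer is not permitted."""
    params = {k.lower(): v[0] for k, v in parse_qs(query).items()}
    if params.get("request", "").lower() != "getmap":
        return
    requested = set(params.get("layers", "").split(","))
    denied = requested - ALLOWED_LAYERS.get(user, set())
    if denied:  # fail closed, including when LAYERS is missing
        raise PermissionError(f"layers not permitted: {sorted(denied)}")

def filter_capabilities(user, xml_text):
    """Response interceptor: strip layers the user is not allowed to see."""
    root = ET.fromstring(xml_text)
    allowed = ALLOWED_LAYERS.get(user, set())
    for layer in root.findall("Layer"):
        if layer.findtext("Name") not in allowed:
            root.remove(layer)
    return ET.tostring(root, encoding="unicode")
```

Both interceptors read the same permission table, so a layer that is hidden from a user in the capabilities response is also refused when requested directly by name.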

The current implementation contains the following interceptors: