Integrated security
A GIS system is not just a GIS server. It is an entire distributed system consisting of multiple servers. GIS system security should therefore consider the system as a whole, that is, integrated system security.
The SuperMap GIS server product series achieves integrated security for the GIS system through a range of security measures, including:
The SuperMap GIS server stores user information in a SQLite database by default. It also supports storing user information in a MySQL or Oracle database, as well as in other custom storage locations.
The SuperMap GIS server supports configuring a centralized session. With a centralized session, the session information is saved to a third-party database and can be read directly from that database when the same session needs to be established again.
For GIS servers, a centralized session means that users using the same browser can access multiple addresses without having to log in again. By contrast, if centralized sessions are not enabled, each user needs to log in every time they visit a GIS server, even as the same user, which adds duplicated work.
The SuperMap GIS server supports limiting the number of consecutive incorrect password attempts allowed within a period of time, to prevent brute-force cracking. It also supports requiring that a new password not repeat any of the previous passwords, and the number of previous passwords that cannot be reused can also be set.
A GIS system contains multiple server nodes. Accessing each server requires logging in separately, and complex operations may require logging in frequently. With SSO, users log in only once and can then directly access multiple GIS products and multiple server nodes in the system.
The role of the Security Module is to protect the GIS server and isolate it from the outside world, allowing only trusted users and administrators to access it. A distributed cluster is multiple servers working together to improve efficiency. Properly combining security with the cluster ensures the security of the server products while taking advantage of the cluster's high efficiency.
When a child node reports to a parent node, the security of all service instances can be controlled by the parent node. Even when the child node has service instances and the parent node has none, the security of those service instances is still controlled by the parent node.
LDAP (Lightweight Directory Access Protocol) is widely used, and many server systems use an LDAP server to store user accounts. SuperMap iPortal, iServer and iEdge support the user accounts of an existing LDAP server, so users do not need to be recreated. The GIS system can therefore share the same user system with other application systems in an organization, which both reduces the wasted effort of building a separate user system and avoids redundant user systems in the organization.
SuperMap GIS servers support using Keycloak for authentication and authorization. After SuperMap iServer, iPortal and iEdge are each integrated with Keycloak, these three servers can use the same account system to achieve single sign-on.
SuperMap iPortal, iServer and iEdge support logging in with third-party accounts that use the OAuth 2.0 protocol, such as QQ and Sina Weibo accounts. These third-party accounts can log in to the GIS server directly, and can also be bound to an existing account on the GIS server.
Through extension, SuperMap iPortal, iServer and iEdge support logging in with any third-party account that uses the OAuth 2.0 protocol, not only QQ and Sina Weibo accounts.
Through extension, SuperMap iPortal, iServer and iEdge support user account systems stored in other ways, such as file storage and relational database storage. If you already have a user account system stored in a custom way before using the GIS server, it can be extended for use in the GIS server.
SuperMap iPortal, iServer and iEdge support third-party security frameworks and solutions, such as the built-in security schemes of Java middleware and common Java security frameworks.