
Fix #12504 - Migrate to GeoStore 2.6 #12518

Merged
tdipisa merged 10 commits into geosolutions-it:master from offtherailz:gs-2.6-update
Jun 23, 2026

@offtherailz offtherailz commented Jun 18, 2026

Member

Description

Aligns MapStore with GeoStore 2.6's new dynamic OIDC provider mechanism and documents the migration path for users and custom projects.

Changes

  • Spring security XMLs (product/ and web/, both db and ldap variants): remove hardcoded keycloakConfig / googleSecurityConfiguration beans and individual filter entries; replace with OpenIdConnectProviderRegistrar + CompositeOpenIdConnectFilter.
  • applicationContext.xml (framework + project template): add ignoreInvalidKeys=true to the order-10 PropertyOverrideConfigurer so oidc_providers can be set directly in mapstore-ovr.properties without causing a startup failure.
  • Documentation and migration guidelines update.

Please check if the PR fulfills these requirements

What kind of change does this PR introduce? (check one with "x", remove the others)

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Other... Please describe:

Issue

What is the current behavior?

Fix #12504

What is the new behavior?

Breaking change

Does this PR introduce a breaking change? (check one with "x", remove the other)

  • Yes, and I documented them in migration notes
  • No

Other useful information

@cla-bot cla-bot Bot added the CLA Ready label Jun 18, 2026
@offtherailz

Member Author

here @mahesh-wor the update for 1.6 with documentation changes too

@mahesh-wor

Contributor

> here @mahesh-wor the update for 1.6 with documentation changes too

Thank you, will go through and update the configuration changes on #12459 accordingly.

@tdipisa tdipisa left a comment

Member

@offtherailz
I would like to review the structure of the OIDC paragraphs. At the moment OpenID connect, Google, Keycloak seem three different things:

Image

Since Google, Keycloak are both examples of the same OIDC connect but for different providers they should be at the same level of the example we provided for Entra.

@mahesh-wor

Contributor

I ran a local setup with mapstore.war built from offtherailz:gs-2.6-update, updated my local configs to support the new generic oidc system. Multiple oidc providers are working well.

```properties
oidc_providers=keycloak,microsoft

keycloakOAuth2Config.enabled=true
keycloakOAuth2Config.clientId=mapstore-server
keycloakOAuth2Config.clientSecret=xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx
keycloakOAuth2Config.sendClientSecret=true
........
microsoftOAuth2Config.enabled=true
microsoftOAuth2Config.clientId=xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx
microsoftOAuth2Config.clientSecret=xxxxxxxxxxxxxxxxxxxxxxxx
microsoftOAuth2Config.sendClientSecret=true
```

```json
[
  {
    "op": "add",
    "path": "/authenticationProviders",
    "value": [
      {
        "type": "openID",
        "provider": "keycloak",
        "title": "Keycloak"
      },
      {
        "type": "openID",
        "provider": "microsoft",
        "title": "Microsoft",
        "imageURL": "data:image/svg+xml;base64,PHN2ZyBhcmlhLWhpZGRlbj0idHJ1ZSIgdmlld0JveD0iMCAwIDI1IDI1IiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGl0ZW1wcm9wPSJsb2dvIiBpdGVtc2NvcGU9Iml0ZW1zY29wZSI+CgkJCTxwYXRoIGQ9Ik0xMS41MjE2IDAuNUgwVjExLjkwNjdIMTEuNTIxNlYwLjVaIiBmaWxsPSIjZjI1MDIyIj48L3BhdGg+CgkJCTxwYXRoIGQ9Ik0yNC4yNDE4IDAuNUgxMi43MjAyVjExLjkwNjdIMjQuMjQxOFYwLjVaIiBmaWxsPSIjN2ZiYTAwIj48L3BhdGg+CgkJCTxwYXRoIGQ9Ik0xMS41MjE2IDEzLjA5MzNIMFYyNC41SDExLjUyMTZWMTMuMDkzM1oiIGZpbGw9IiMwMGE0ZWYiPjwvcGF0aD4KCQkJPHBhdGggZD0iTTI0LjI0MTggMTMuMDkzM0gxMi43MjAyVjI0LjVIMjQuMjQxOFYxMy4wOTMzWiIgZmlsbD0iI2ZmYjkwMCI+PC9wYXRoPgoJCTwvc3ZnPgo="
      },
      {
        "type": "basic",
        "provider": "geostore"
      }
    ]
  }
]
```

I tested login, role assignment and it's working well.

@offtherailz @tdipisa Once you have this PR merged, I will update #12459 and we can proceed with the implementation in dev/qa.

@offtherailz offtherailz requested a review from tdipisa June 22, 2026 12:23
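
Added example, not part of the PR or of any participant's comment: with `ignoreInvalidKeys=true` the PropertyOverrideConfigurer no longer fails startup on keys it cannot resolve, so a misspelled provider prefix in `mapstore-ovr.properties` can pass unnoticed. This sketch cross-checks the three places a provider is named in the configuration quoted above. The `<provider>OAuth2Config.<property>` naming is inferred from the thread, and the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the keys quoted in this thread (values are placeholders).
SAMPLE_OVR = """\
oidc_providers=keycloak,microsoft
keycloakOAuth2Config.enabled=true
keycloakOAuth2Config.clientId=mapstore-server
microsoftOAuth2Config.enabled=true
micrsoftOAuth2Config.roleMappings=MapStore.Admin:ADMIN,MapStore.User:USER
"""
# Constructed authenticationProviders list, same shape as the JSON patch in the thread.
SAMPLE_UI = [
    {"type": "openID", "provider": "keycloak"},
    {"type": "openID", "provider": "google"},
    {"type": "basic", "provider": "geostore"},
]

# Assumption taken from the thread: provider X is configured through "XOAuth2Config.<property>".
BEAN_KEY = re.compile(r"^(\w+)OAuth2Config\.\w+$")

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' and '!' comments, no line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint_oidc(props_text, ui_providers):
    """Return sorted (finding, provider) tuples for mismatches between the places a provider is named."""
    props = parse_properties(props_text)
    declared = {p.strip() for p in props.get("oidc_providers", "").split(",") if p.strip()}
    prefixes = {m.group(1) for m in map(BEAN_KEY.match, props) if m}
    findings = set()
    # Keys for a provider that is not declared: likely a typo, and no longer a startup error.
    findings |= {("keys-for-undeclared-provider", p) for p in prefixes - declared}
    # Declared provider with no configuration keys at all.
    findings |= {("declared-without-keys", p) for p in declared - prefixes}
    # Login entry in the client for a provider the backend does not declare.
    findings |= {("ui-entry-not-declared", e.get("provider", "")) for e in ui_providers
                 if e.get("type") == "openID" and e.get("provider") not in declared}
    return sorted(findings)

if __name__ == "__main__":
    for finding, provider in lint_oidc(SAMPLE_OVR, SAMPLE_UI):
        print(f"{finding}: {provider}")
```
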

@tdipisa tdipisa left a comment

Member

@offtherailz there are failing checks now. Can you please check?

@offtherailz

Member Author

The cause of this failure is unclear, it looks to be generated randomly

For this reason, to split these changes from something that looks to be more related to particular execution cases, I created

And going to block this on #12526

@offtherailz

Member Author

Thank you @mahesh-wor. We also improved the Entra doc, please take a look.

@tdipisa tdipisa self-requested a review June 22, 2026 16:21
@mahesh-wor

Contributor

Hi @offtherailz, I checked the updated docs, looks comprehensive.
Only thing I couldn't try out is the MS Entra specific group claim, due to my Active Directory plan limitations.

```properties
microsoftOAuth2Config.principalKey=email
microsoftOAuth2Config.rolesClaim=roles
microsoftOAuth2Config.roleMappings=MapStore.Admin:ADMIN,MapStore.User:USER
microsoftOAuth2Config.authenticatedDefaultRole=USER
```

@tdipisa

tdipisa commented Jun 23, 2026

Member

> Hi @offtherailz, I checked the updated docs, looks comprehensive. Only thing I couldn't try out is the MS Entra specific group claim, due to my Active Directory plan limitations.
>
> ```properties
> microsoftOAuth2Config.principalKey=email
> microsoftOAuth2Config.rolesClaim=roles
> microsoftOAuth2Config.roleMappings=MapStore.Admin:ADMIN,MapStore.User:USER
> microsoftOAuth2Config.authenticatedDefaultRole=USER
> ```

@mahesh-wor we will have to review this once merged, I guess.

@tdipisa tdipisa enabled auto-merge (squash) June 23, 2026 09:03
@tdipisa tdipisa merged commit a0b1cfa into geosolutions-it:master Jun 23, 2026
12 checks passed
@offtherailz

Member Author

Successfully created backport PR for 2026.02.xx:

@tdipisa tdipisa added this to the 2026.02.00 milestone Jun 23, 2026
offtherailz added a commit that referenced this pull request Jun 23, 2026
* Fix #12504 - Migrate to GS-2.6

* Fix lint

* Fixed tennant and discovery URL

* Reorganized examples of openid

* Improved oidc doc

---------


(cherry picked from commit a0b1cfa)

Co-authored-by: Tobia Di Pisa <tobia.dipisa@geosolutionsgroup.com>
Development

Successfully merging this pull request may close these issues.

Update MS to geostore 2.6-SNAPSHOT