Token-based authentication


SuperMap iServer provides a Token-based user authentication mechanism that lets users access protected service resources by providing only a Token, without supplying a user name and password on each request. A Token is a message string encrypted with a shared key. It contains the user name, the expiry date and certain proprietary information. To apply for a Token from SuperMap iServer, the user submits a user name and password; after validation, the server returns an appropriate Token.

Users can access the protected services through REST, a Web Application, or other methods by supplying the correct Token. For users accessing through a Web Application, this authentication method effectively avoids disclosing the user account on the server. Currently, all service types in the SuperMap iServer service list support Token-based authentication, including the various REST service modules and OGC services.

For users who are authorized to access services, the overall process of obtaining and using a Token is as follows:

  1. Apply for a Token with the user's account; see Getting Token.
  2. Access the protected iServer services and related resources with the obtained Token; see Access the secured resources. All the common GIS services provided by SuperMap iServer (see GIS service resource hierarchy) and all the management resources (see Service management resource hierarchy) support access by Token.

 

Generating a Token also requires an encryption key specified on the server side, called the shared key. The system administrator can configure the shared key; see Configure shared key of Token.
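
The following added example (not SuperMap iServer code and not its actual Token format) models why the shared key and the expiry date matter: a token carrying a user name and expiry is accepted only if it was produced with the server's key and has not expired. It swaps in an HMAC-SHA256 tag from the Python standard library in place of encryption; `SHARED_KEY`, `issue_token`, `validate_token` and the token layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SHARED_KEY = b"constructed-demo-key"  # assumption: stand-in for the server's shared key


class TokenError(Exception):
    """Raised when a token is malformed, forged, or expired."""


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")


def _mac(body: str, key: bytes) -> str:
    # Keyed tag over the encoded claims; only holders of the key can produce it.
    return _b64e(hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest())


def issue_token(user: str, ttl_seconds: int, key: bytes = SHARED_KEY, now=None) -> str:
    """Mint a token; call only after the user name and password were validated."""
    issued = int(time.time() if now is None else now)
    claims = {"user": user, "exp": issued + ttl_seconds}
    body = _b64e(json.dumps(claims, sort_keys=True).encode("utf-8"))
    return body + "." + _mac(body, key)


def validate_token(token: str, key: bytes = SHARED_KEY, now=None) -> str:
    """Return the user name if the token is authentic and unexpired."""
    body, sep, tag = token.partition(".")
    if not sep:
        raise TokenError("malformed token")
    # Verify the tag in constant time before parsing any claim.
    if not hmac.compare_digest(tag.encode(), _mac(body, key).encode()):
        raise TokenError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    current = time.time() if now is None else now
    if current >= claims["exp"]:
        raise TokenError("token expired")
    return claims["user"]
```

Anyone who holds the shared key can mint tokens for any user name, so the key should be treated as a server-side secret, and changing it invalidates every token issued under the old key.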