Integrated security

GIS system is not only a GIS server, but also a whole distributed system composed of many servers, so the security of GIS system should consider the whole system as a whole, that is, system integration security.

The SuperMap GIS server product family provides integrated security for GIS systems through a range of security measures, including:

• security info storage Settings

SuperMap GIS server stores user information in SQLite database by default, and supports storing user information in MySQL/Oracle/PostgreSQL database and other custom storage locations.

• session info management

The SuperMap GIS server supports the configuration of centralized sessions. Centralized session means that the session information is saved to a third-party database, and when the same session needs to be established again, it can be obtained directly from the database.

For GIS servers, opening a centralized session means that users can directly access multiple different addresses using the same browser with only one login. GIS server no need to log in repeatedly. Relatively speaking, using a single session mode without opening a centralized session means that users need to log in once every time they access a GIS server, even if the same user needs to log in, which increases duplication of work.

• user password security setting

The SuperMap GIS server supports setting the number of consecutive password errors allowed in a period to prevent brute force. At the same time, it is supported to set that the modified new password cannot be repeated with any of the previous passwords, and it is supported for the administrator to customize the number of non-repeatable times.

• CAS Single Sign-On

There are many server nodes in the GIS system. When accessing each server, you need to log in separately, and you may need to log in frequently when performing complex operations. Through single sign-on, you can achieve only one login, and directly access multiple systems.

• Security and clustering

The function of the security module is to protect the GIS server, quarantine with the outside world, and only allow trusted users and administrators to access, while the distributed cluster is to unite multiple servers to work together to improve efficiency. Only by dealing with the relationship between security and cluster can we not only ensure the security of server products, but also make full use of the high efficiency of cluster.

When the child node reports to the parent node, it means that the security of all its service instances can be controlled by the parent node. Security for some service instances is controlled by the parent node, even if the child nodes of the cluster have them and the parent node does not.

• Configure to use LDAP

LDAP (Lightweight Directory Access Protocol) is widely used, and LDAP servers are used to store user accounts in many server systems. SuperMap iPortal, iServer and iEdge support the use of user accounts from existing LDAP servers without the need to duplicate the creation of users. In this way, the GIS system can share a set of user system with other application systems in the organization unit, which can not only reduce the duplication of investment in the construction of user system, but also avoid the redundancy of user system in the organization.

• Configure to use Keycloak for authentication and authorization

The SuperMap GIS server supports the use of Keycloak for authentication. SuperMap iServer, iPortal, iEdge, after docking with Keycloak, unified account management can be carried out to realize single sign-on.

• Configure an account that uses the OAuth2 protocol

SuperMap iPortal, iServer, and iEdge support OAuth third-party account login under the 2.0 agreement, such as QQ and Sina Weibo accounts. These third-party accounts can directly log in to the GIS server or bind to existing accounts in the GIS server.

• Extend accounts that use the OAuth2 protocol

SuperMap iPortal, iServer, and iEdge support all third-party account login under OAuth 2.0 protocol is not limited to QQ and Sina Weibo.

• Extend to use custom account storage

SuperMap iServer and iEdge support user account systems that use other means of storage, such as file storage and relational database storage, in an extended manner. If you already have a custom stored user account system before using the GIS server, you can extend it to the GIS system for use.

• Compatible with third-party security solutions

SuperMap iPortal, iServer, and iEdge support third-party security frameworks and solutions such as built-in security solutions for Java middleware, common Java security frameworks, etc.