Authentication

1. Levels of Authentication

All software systems implemented in the GEOAnalytics Canada Platform require users to be authenticated before access is given. The GEOAnalytics platform uses LDAP (Lightweight Directory Access Protocol) to store user information and allow users to authenticate and log in to the platform. Hatfield has also implemented a single sign-on (SSO) system based on the industry-standard OAuth 2 protocol, where you, the user, only need to log in to the platform once to gain access to all platform functions. Using this SSO system, an API token is issued when you first log in, and platform services validate it whenever you access them.

All users need to log in through the single sign-on system with their username and password to access platform systems and data.

Once you have logged in, you will be led to the GEOAnalytics Platform’s main dashboard.


On the dashboard, take note of the “API Access Token” in the top right corner and at the bottom of the page. This API token is another authentication method, used to access parts of the GEOAnalytics API. The token is primarily used by pasting it into certain scripts that need access to the platform’s tools.

2. Systems Accessible with Username and Password

With your username and password stored in the browser for the single sign-on system, you have instant access to most of the system.

  • EO Browser is a web portal with collections of Earth Observation data that all GEOAnalytics users can use.

  • Ground Truth system implements powerful APIs that allow ground truth data to be integrated into other platform services, such as the EO data pre-processing and JupyterLab analytic environments.

  • JupyterLab allows interactive data analytics to be executed without worrying about computational resources or installing software.

  • Desktop App is a personal Ubuntu Desktop environment available in a web browser.

  • FileBrowser contains the catalogue of data on the platform, ready to use or download.

3. Systems Accessible with API Token

The API Token grants access to the GEOAnalytics API, which cannot be accessed with just your username and password.

An example of how to use this API token is shown below. Here, Python sends a request to GEOAnalytics’ STAC Server, using the API token to access the STAC server directly, and outputs the server’s response.

[22]:
import requests
import json
import sys
[ ]:
API_TOKEN = input("Please copy and paste your API Access Token here: ").strip()
[34]:
STAC_BASE_URL = "https://stac.eo4ph.geoanalytics.ca"
requests_headers = {'cookie': API_TOKEN}
[35]:
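def test_STAC_server_request():
    # The token is sent in the cookie header built in the previous cell.
    test_STAC_request = requests.get(STAC_BASE_URL, headers=requests_headers, timeout=30)
    try:
        return test_STAC_request.json()
    except ValueError:
        # A non-JSON body usually means the token was not accepted.
        print("STAC server did not return json. This is likely an issue with your access token. Please re-run cells from beginning and re-enter your token.")
        # Assigning API_TOKEN here would only create a local variable, so signal failure with None.
        return None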
[36]:
test_STAC_server_request()
[36]:
{'type': 'Catalog',
 'id': 'stac-fastapi',
 'title': 'GEOAnalytics Canada STAC Server',
 'description': 'Search, store and browse metadata for EO datasets stored on GEOAnalytics Canada using this STAC Server. <p>View documentation and tutorials on how to use this service in the <a href="https://docs.geoanalytics.ca/1_getting_started/07-stac.html" target="_blank">GEOAnalytics Canada Documentation and Tutorials</a></p> ',
 'stac_version': '1.0.0',
 'conformsTo': ['https://api.stacspec.org/v1.0.0-beta.4/item-search',
  'https://api.stacspec.org/v1.0.0-beta.4/item-search/#context',
  'https://api.stacspec.org/v1.0.0-beta.4/item-search/#query',
  'http://www.opengis.net/spec/ogcapi-features-1/1.0/conf/core',
  'https://api.stacspec.org/v1.0.0-beta.4/ogcapi-features',
  'http://www.opengis.net/spec/ogcapi-features-1/1.0/conf/oas30',
  'https://api.stacspec.org/v1.0.0-beta.4/ogcapi-features/extensions/transaction/',
  'http://www.opengis.net/spec/ogcapi-features-4/1.0/conf/simpletx',
  'http://www.opengis.net/spec/ogcapi-features-1/1.0/conf/geojson',
  'https://api.stacspec.org/v1.0.0-beta.4/item-search/#sort',
  'https://api.stacspec.org/v1.0.0-beta.4/item-search/#fields',
  'https://api.stacspec.org/v1.0.0-beta.4/core'],
 'links': [{'rel': 'self',
   'type': 'application/json',
   'href': 'http://stac.eo4ph.geoanalytics.ca/'},
  {'rel': 'root',
   'type': 'application/json',
   'href': 'http://stac.eo4ph.geoanalytics.ca/'},
  {'rel': 'data',
   'type': 'application/json',
   'href': 'http://stac.eo4ph.geoanalytics.ca/collections'},
  {'rel': 'conformance',
   'type': 'application/json',
   'title': 'STAC/WFS3 conformance classes implemented by this server',
   'href': 'http://stac.eo4ph.geoanalytics.ca/conformance'},
  {'rel': 'search',
   'type': 'application/geo+json',
   'title': 'STAC search',
   'href': 'http://stac.eo4ph.geoanalytics.ca/search',
   'method': 'GET'},
  {'rel': 'search',
   'type': 'application/json',
   'title': 'STAC search',
   'href': 'http://stac.eo4ph.geoanalytics.ca/search',
   'method': 'POST'},
  {'rel': 'service-desc',
   'type': 'application/vnd.oai.openapi+json;version=3.0',
   'title': 'OpenAPI service description',
   'href': 'http://stac.eo4ph.geoanalytics.ca/api'},
  {'rel': 'service-doc',
   'type': 'text/html',
   'title': 'OpenAPI service documentation',
   'href': 'http://stac.eo4ph.geoanalytics.ca/api.html'}],
 'stac_extensions': ['https://raw.githubusercontent.com/radiantearth/stac-api-spec/v1.0.0-beta.4/fragments/context/json-schema/schema.json']}

If the above cell returns a dictionary like the one shown, describing the STAC server’s catalog, then congratulations! You are authenticated! Otherwise, make sure you are assigning the correct authentication token to the API_TOKEN variable.
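An added example (not part of the original notebook or the platform's code): standard-library helpers that could wrap the request above, reading the token without echoing it into the notebook, attaching it only to HTTPS URLs on the STAC host, and telling an authenticated catalog reply from a failure. The environment variable name `GEOANALYTICS_API_TOKEN` and the helper names are assumptions.

```python
import json
import os
from getpass import getpass
from urllib.parse import urlsplit

STAC_BASE_URL = "https://stac.eo4ph.geoanalytics.ca"  # from the page
TOKEN_ENV_VAR = "GEOANALYTICS_API_TOKEN"  # assumed name, not defined by the platform

def load_token(env=os.environ, prompt=getpass):
    """Take the token from the environment, else prompt without echoing it."""
    token = (env.get(TOKEN_ENV_VAR) or prompt("API Access Token: ")).strip()
    if not token or "\r" in token or "\n" in token:
        raise ValueError("empty or malformed token")
    return token

def auth_headers(url, token):
    """Build the cookie header only for HTTPS URLs on the STAC host."""
    target, expected = urlsplit(url), urlsplit(STAC_BASE_URL)
    if target.scheme != "https" or target.hostname != expected.hostname:
        raise ValueError(f"refusing to send the token to {url!r}")
    return {"cookie": token}

def check_catalog(status, content_type, body):
    """Return (authenticated, detail) for a reply from STAC_BASE_URL."""
    if status in (401, 403):
        return False, "token rejected"
    if status != 200:
        return False, f"unexpected status {status}"
    if "json" not in content_type.lower():
        return False, "non-JSON reply, likely a token problem"
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "body is not valid JSON"
    if not isinstance(doc, dict) or doc.get("type") != "Catalog":
        return False, "JSON reply is not a STAC catalog"
    return True, doc.get("title", "")

if __name__ == "__main__":
    # Constructed sample reply, trimmed from the catalog output shown above.
    sample = '{"type": "Catalog", "title": "GEOAnalytics Canada STAC Server"}'
    print(check_catalog(200, "application/json", sample))
    # The catalog's link hrefs use http://, so following one verbatim is refused.
    try:
        auth_headers("http://stac.eo4ph.geoanalytics.ca/search", "constructed-token")
    except ValueError as err:
        print(err)
```

With `requests`, pass `auth_headers(url, token)` as `headers=` and feed `response.status_code`, `response.headers.get("content-type", "")` and `response.text` to `check_catalog`.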

4. Logging in to the Container Registry

Docker is an open platform tool designed for developing, deploying, and running applications using containers. Containers are used to combine the libraries, dependencies, and other parts of an application and deliver it as one package. Docker allows for efficient management of your infrastructure. Each GEOAnalytics GitLab repository has a container registry associated with it.

Docker must be installed on your computer to access the container registry.

Visit https://docs.docker.com/ and install the application for your operating system.

4.2 Default Login Method

Currently, accessing your registry is not possible through GEOAnalytics’ Jupyter environment. To access and manage your Docker images, log in to the registry through your desktop’s Command Prompt (Terminal) with the following steps:

  1. Type this command into terminal: docker login registry.eo4ph.geoanalytics.ca

  2. This will prompt you to enter your username, followed by your password. (The password is not displayed as you type, for security purposes.)

If you get a “Success!” message, then you have gained access!

However, if you receive the error: “Error response from daemon: Get https://registry.eo4ph.geoanalytics.ca/: unauthorized: HTTP Basic: Access denied,” then we have a few more steps to get you connected!
