Hi again,

I just realized that my setup is not going to work at all and does that
exact thing you just mentioned, even if you are logged in it will set the
REMOTE_USER to anonymous when you click on any /datasets URL.  This causes
some strange Galaxy history behavior!

oops,
Leandro

On Fri, Jul 1, 2011 at 10:36 AM, Leandro Hermida <soft...@leandrohermida.com
> wrote:

> Hi Shantanu,
>
> Thank you for your update,  I've done my config a little differently and it
> appears to work just the same.  The relevant part looks like this:
>
>    <Location />
>        ## ActiveDirectory authentication and authorization
>        AuthType Basic
>        AuthBasicProvider ldap
>        AuthName "R&D Galaxy Testing/QA Server"
>        AuthLDAPURL "ldap://my.server.com:389/OU=Users &
> Workstations,DC=domain,DC=com?sAMAccountName?sub?(|(objectClass=person)(objectClass=group))"
>
>        # ...more AuthLDAP directives here...
>
>        RequestHeader set REMOTE_USER %{AUTHENTICATE_sAMAccountName}e
>    </Location>
>
>    <Location /datasets>
>        Order Allow,Deny
>        Allow from All
>        Satisfy Any
>
>        RequestHeader set REMOTE_USER "anonymous"
>    </Location>
>
>    ## Static content and reverse proxy
>    RewriteEngine On
>    RewriteRule ^/static/style/(.*)
> /path/to/galaxy/galaxy_dist/static/june_2007_style/blue/$1 [L]
>    RewriteRule ^/static/scripts/(.*)
> /path/to/galaxy/galaxy_dist/static/scripts/packed/$1 [L]
>    RewriteRule ^/static/(.*) /path/to/galaxy/galaxy_dist/static/$1 [L]
>    RewriteRule ^/favicon.ico /path/to/galaxy/galaxy_dist/static/favicon.ico
> [L]
>    RewriteRule ^/robots.txt /path/to/galaxy/galaxy_dist/static/robots.txt
> [L]
>    RewriteRule ^(.*) http://galaxy.server.hostname:8080 [P]
>
>
>
>
> On Fri, Jul 1, 2011 at 12:13 AM, Shantanu Pavgi <pa...@uab.edu> wrote:
> >
> > On Jun 30, 2011, at 6:34 AM, Leandro Hermida wrote:
> >
> >> Hi Nate and Shantanu,
> >>
> >> Thanks so much for the clear guidance, this works and sorry I didn't
> >> read the Apache docs properly
> >>
> >> best,
> >> Leandro
> >>
> >> On Thu, Jun 30, 2011 at 6:14 AM, Shantanu Pavgi <pa...@uab.edu> wrote:
> >>>
> >>> On Jun 29, 2011, at 12:21 PM, Nate Coraor wrote:
> >>>
> >>> Leandro Hermida wrote:
> >>>
> >>> Hi Shantanu,
> >>>
> >>> In your Apache configuration exactly how did you set up an anonymous
> >>>
> >>> REMOTE_USER just for specific locations like the /datasets/ path?  I'm
> just
> >>>
> >>> looking at the Apache docs and the RequestHeader directive has a
> context of
> >>>
> >>> the entire VirtualHost and cannot be put into a Location container so
> I'm
> >>>
> >>> not sure how to do it.
> >>>
> >>> Hi Leandro,
> >>>
> >>> See the optional 'env=' argument and docs on the same for ways to make
> >>> RequestHeader conditional:
> >>>
> >>>
> http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader
> >>>
> >>> So, depending on the path accessed, you should be able to have
> >>> mod_rewrite set an environment variable specifying which REMOTE_USER
> >>> (real username or fake anonymouse user) should be set.
> >>>
> >>> You could also just set it as the anonymous user to start with and then
> >>> use 'RequestHeader set' to overwrite it with the real username in the
> >>> case that a real username is available.
> >>>
> >>> This is all just from glancing at the docs, though, I have not tried
> any
> >>> of it out, and this sort of Apache trickery is always difficult to get
> >>> right.
> >>>
> >>> --nate
> >>>
> >>>
> >>>
> >>> Leandro,
> >>> The RequestHeader has a context of 'directory' as well, which includes
> >>> <Directory>, <Location>, <Files>, and <Proxy> containers [1]. So you
> should
> >>> be able to use it in Location directive.
> >>> Following is a configuration snippet related to what Nate described in
> his
> >>> earlier response. We are setting REMOTE_USER variable to anonymous when
> it's
> >>> not set/empty.
> >>>         <Location ~ "/(datasets|history)/">
> >>>                 AuthType shibboleth
> >>>                 ShibRequireSession off
> >>>                 Require shibboleth
> >>>                 RewriteCond %{LA-U:REMOTE_USER} =""
> >>>                 RequestHeader set REMOTE_USER "anonymous"
> >>>         </Location>
> >>> Hope this helps.
> >>>
> >>> 1.
> http://httpd.apache.org/docs/current/mod/directive-dict.html#Context
> >>> --
> >>> Shantanu.
> >>>
> >
> >
> > Leandro,
> >
> > I realized that above mentioned configuration is wrong. It will set
> RequestHeader to 'anonymous' regardless of authentication status. I think
> following config should work (still testing). In our case it resides outside
> of Location directive now. You may need to adjust it according to your
> setup:
> >
> > {{{
> >        # Take the  environment variable and set it as a header in the
> proxy request.
> >        RewriteCond %{IS_SUBREQ} ^false$
> >        RewriteCond %{LA-U:REMOTE_USER} (.+)
> >        RewriteRule . - [E=RU:%1]
> >        # Set RU to anonymous if No REMOTE_USER
> >        RewriteCond %{IS_SUBREQ} ^false$
> >        RewriteCond %{LA-U:REMOTE_USER} =""
> >        RewriteRule . - [E=RU:"anonymous"]
> >        # Set RequestHeader
> >        RequestHeader set REMOTE_USER %{RU}e
> > }}}
> >
> >
> > --
> > Shantanu.
> >
> >
>
>
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/

Reply via email to