On Nov 19, 2012, at 12:49 PM, Harris Shapiro wrote:

> Hello,
> I'm writing because I've been trying for the past few days to configure 
> Galaxy to use Apache-based LDAP authentication, but have reached a point 
> where I'm basically stuck.  The system is in a virtual machine running:
> - CentOS 5.8
> - Apache 2.2.3
> I'm trying to configure a Galaxy instance at "localhost:8080", with Active 
> Directory authentication.
> I started with the admin page documentation:
> http://wiki.galaxyproject.org/Admin/Config/Apache%20Proxy
> and also worked through the troubleshooting examples found at:
> a) http://user.list.galaxyproject.org/Galaxy-Apache-External-Authentication-tt4131493.html#a4131495
> b) http://gmod.827538.n3.nabble.com/galaxy-dev-ldap-integration-td839409.html
> c) http://lists.bx.psu.edu/pipermail/galaxy-dev/2010-January/001676.html
> Following the debugging steps suggested by URL (a), I'm able to verify that:
> 1) The authentication clause I have works, without rewrite rules and without 
> a proxy.
> 2) Without rewrite rules and a proxy, the Apache environment has the 
> AUTHENTICATE_SAMACCOUNTNAME and REMOTE_USER environment variables set.
> Unfortunately, when I turn on the proxy (setting "use_remote_user" and 
> "remote_user_maildomain" in universe_wsgi.ini accordingly), I get the 
> following error message when I try accessing the "localhost:8080" URL:
> "Access to Galaxy is denied
> Galaxy is configured to authenticate users via an external method (such as 
> HTTP authentication in Apache), but a username was not provided by the 
> upstream (proxy) server. This is generally due to a misconfiguration in the 
> upstream server.
> Please contact your local Galaxy administrator."
> As suggested by URLs (a) and (c), I modified 
> ./lib/galaxy/web/framework/middleware/remoteuser.py to print the environment 
> seen by that script.  None of the remote user information seems to be making 
> it to the script, either from AUTHENTICATE_SAMACCOUNTNAME or REMOTE_USER, no 
> matter which of the suggested combinations of "RewriteCond", "RewriteRule", 
> and "RequestHeader" options I tried.  In addition, the troubleshooting 
> suggestions to force a REMOTE_USER value to be set via a directive like:
> RequestHeader add REMOTE_USER [user name]
> also failed to pass REMOTE_USER to the remoteuser.py script.
> I've included below an extract from the Apache configuration file that I've 
> been trying.  Any advice or assistance that people might be able to provide 
> would be greatly appreciated, and please let me know if you'd need any 
> additional information from me.

Hi Harris,

Have you tried upping the logging level for mod_rewrite as suggested by Assaf 
in (a)?  This should tell you exactly what is and is not being matched as 
Apache processes requests through those directives.


> Sincerely,
> Harris Shapiro
> Genomic Health, Inc.
> Extract from Apache configuration file:
> Note: I've also tried a variant where I replaced REMOTE_USER with 
> AUTHENTICATE_SAMACCOUNTNAME in the various RewriteCond & RequestHeader 
> directives.  That variant produced the same error message.
> <Proxy http://localhost:8080>
>         Order deny,allow
>         Allow from all
> </Proxy>
> RewriteEngine on
> <Location "/">
>         AuthType Basic
>         AuthName "Please log in with your Windows account"
>         AuthBasicProvider ldap
>         AuthLDAPURL [Verified LDAP connection information]
>         AuthzLDAPAuthoritative off
>         AuthLDAPBindDN [Verified DN]
>         AuthLDAPBindPassword [Verified password]
>         Require valid-user
>         RewriteCond %{IS_SUBREQ} ^false$
>         RewriteCond %{LA-U:REMOTE_USER} (.+)
>         RewriteRule . - [E=RU:%1]
>         RequestHeader set REMOTE_USER %{RU}e
> </Location>
> RewriteRule ^/static/style/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/june_2007_style/blue/$1 [L]
> RewriteRule ^/static/scripts/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/scripts/packed/$1 [L]
> RewriteRule ^/static/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/$1 [L]
> RewriteRule ^/favicon.ico /home/hshapiro/software/galaxy/galaxy-dist/static/favicon.ico [L]
> RewriteRule ^/robots.txt /home/hshapiro/software/galaxy/galaxy-dist/static/robots.txt [L]
> RewriteRule ^(.*) http://localhost:8080$1 [P]
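
An added example (not from this thread and not Galaxy's own code): a small WSGI probe for the debugging step discussed above, reporting whether a request came through Apache and whether the REMOTE_USER header arrived with a usable value. It assumes the backend reads the header under the WSGI key HTTP_REMOTE_USER and that mod_proxy adds X-Forwarded-For to proxied requests; `diagnose` and `RemoteUserProbe` are hypothetical names.

```python
# Added diagnostic sketch; names are hypothetical, not taken from Galaxy.
IDENTITY_KEY = "HTTP_REMOTE_USER"    # assumed WSGI key for the REMOTE_USER header
PROXY_KEY = "HTTP_X_FORWARDED_FOR"   # assumed marker that mod_proxy handled the request


def diagnose(environ):
    """Classify how the identity header reached the WSGI application."""
    if PROXY_KEY not in environ:
        # The client talked to the backend port directly, so none of the
        # Apache auth/rewrite directives ran. Any identity header present
        # here was supplied by the client and must not be trusted.
        return "direct"
    value = environ.get(IDENTITY_KEY)
    if value is None:
        return "missing"             # proxy ran, but the header was never set
    if value.startswith("(null)") or not value.strip():
        # mod_headers writes "(null)" when %{RU}e names an unset variable,
        # i.e. the RewriteCond/RewriteRule pair did not populate RU.
        return "unset-variable"
    return "ok"


class RemoteUserProbe:
    """WSGI middleware: log the diagnosis and refuse requests without a user."""

    def __init__(self, app, log=print):
        self.app = app
        self.log = log

    def __call__(self, environ, start_response):
        state = diagnose(environ)
        # Log header names only; values may contain credentials.
        seen = sorted(k for k in environ if k.startswith("HTTP_"))
        self.log("remote-user probe: %s; headers seen: %s" % (state, seen))
        if state != "ok":
            body = b"No username from upstream proxy\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)
```

A "direct" result means the browser was pointed at the backend port rather than at Apache; "unset-variable" points at the rewrite conditions rather than at the proxying itself.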
