I'm trying to install Galaxy behind an Apache proxy using mod_auth_cas for user authentication. I've got a ways in but am now stuck with galaxy not getting the REMOTE_USER. Has anyone deployed with this module?

I have use_remote_user = true on in my universe_wsgi.ini along with a valid maildomain.


Here's my apache config:

NameVirtualHost galaxy.utah.edu:80
NameVirtualHost galaxy.utah.edu:443

CASLoginURL https://go.utah.edu/cas/login
CASValidateURL https://go.utah.edu/cas/serviceValidate
CASValidateServer Off
CASAllowWildcardCert On
CASCertificatePath /etc/pki/tls/certs/ca-bundle.trust.crt
CASCookiePath /var/run/mod_auth_cas/
CASTimeout 3600
CASIdleTimeout 1800
CASDebug On

<VirtualHost 155.101.xx.40:80>
   RedirectPermanent / https://galaxy.utah.edu/
</VirtualHost>

<VirtualHost galaxy.utah.edu:443>
   SSLEngine on
   SSLProtocol -ALL +SSLv3 +TLSv1
   SSLCipherSuite HIGH:-aNULL:-eNULL

   #   Export the SSL environment variables to scripts
   <Files ~ "\.(cgi|pl|shtml|phtml|php3?)$">
       SSLOptions +StdEnvVars
   </Files>

   #   Protocol adjustments for broken clients
   SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0

   SSLCertificateFile      /etc/pki/tls/certs/wildcard.utah.edu.crt
   SSLCertificateKeyFile   /etc/pki/tls/certs/wildcard.utah.edu.key
   SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt


  <Proxy http://localhost:8080>
      Order deny,allow
      Allow from all
  </Proxy>
  RewriteEngine on


  <Location "/">
    AuthType CAS
    AuthName Galaxy
    Require valid-user

#    CASAuthNHeader REMOTE_SHMUSER

# Take the $REMOTE_USER environment variable and set it as a header in the proxy request.
    RewriteCond %{IS_SUBREQ} ^false$
    RewriteCond %{LA-U:REMOTE_USER} (.+)
#    RewriteCond %{LA-U:REMOTE_SHMUSER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader set REMOTE_USER %{RU}e

    XSendFile on
    XSendFilePath /
    # Compress all uncompressed content.
    SetOutputFilter DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:t?gz|zip|bz2)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI /history/export_archive no-gzip dont-vary

    RequestHeader set X-URL-SCHEME https
  </Location>
  <Location "/static">
    # Allow browsers to cache everything from /static for 6 hours
    ExpiresActive On
    ExpiresDefault "access plus 6 hours"
  </Location>

  ServerName galaxy.utah.edu
RewriteRule ^/static/style/(.*) /uufs/utah.edu/sys/pkg/galaxy/std/static/june_2007_style/blue/$1 [L] RewriteRule ^/static/scripts/(.*) /uufs/utah.edu/sys/pkg/galaxy/std/static/scripts/packed/$1 [L]
  RewriteRule ^/static/(.*) /uufs/utah.edu/sys/pkg/galaxy/std/static/$1 [L]
RewriteRule ^/favicon.ico /uufs/utah.edu/sys/pkg/galaxy/std/static/favicon.ico [L] RewriteRule ^/robots.txt /uufs/utah.edu/sys/pkg/galaxy/std/static/robots.txt [L]
  RewriteRule ^(.*) http://localhost:8080$1 [P]

</VirtualHost>

Any help is appreciated.

Steve Harper
Systems Administrator
Center for High Performance Computing
University of Utah
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/

Reply via email to