-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Tim,

Amazing! Thank you for sharing that code. That'll save me some work when
I get around to implementing it on my galaxies. I'll add a Wiki page for
it later today, lest this knowledge be lost to the mailing list.

Cheers,
Eric

On 01/27/2014 06:27 AM, Tim Booth wrote:
> Hi,
> 
> I'm currently using one of those hacks, and it seems to work nicely for
> the user (Chrome + FF at least) but it does need some messy setting up
> in Apache and some cunning redirects in place.  I've pasted the relevant
> file fragments below.  It's somewhat confounded with my stuff to enable
> SFTP uploads but hopefully you get the idea and the original explanation
> on Stackoverflow is pretty good.  The remote_user_logout_href is
> something I got to by trial and error.
> 
> Cheers,
> 
> TIM
> 
> ===
> 
> % cat /usr/share/galaxy-server/logout/.htaccess 
> # HaCk based on 
> http://stackoverflow.com/questions/4163122/http-basic-authentication-log-out
> # Authname must match the one in ../proxy/.htaccess
> 
> AuthType Basic
> AuthName Galaxy_Server
> 
> AuthUserFile /usr/share/galaxy-server/logout/.htpasswd
> Require user logout
> 
> ===
> 
> % cat /usr/share/galaxy-server/logout/.htpasswd
> #Password is logout.  This in not a secret.
> logout:$apr1$0eB1iURY$kwqa0c8tXksbjPQLYqr6s.
> 
> ===
> 
> % cat /usr/share/galaxy-server/proxy/.htaccess
> # Security settings for Galaxy proxied via Apache.  Note the actual
> # proxy config is under /etc/apache2/conf.d/galaxy.  If for some 
> # reason you wanted Apache proxy with internal Galaxy authentication 
> # then you could remove this file and Apache would no longer insist on
> # authentication.
> AuthBasicProvider external
> AuthExternal pwauth
> AuthType Basic
> AuthName Galaxy_Server
> 
> #I'd like to do this, but it upsets Firefox. Use ErrorDocument instead.
> # AuthName "Galaxy Server: \
> # Log in with regular username and password. \
> # Users need to be in the galaxy system group."
> 
> ErrorDocument 401 "<html>\
> <title>401 Authorization Required</title>\
> <h1>Log-in to Galaxy failed</h1>\
> <p>You should have been prompted to log into the Galaxy server. \
> You need to give your regular system username and password. \
> Please reload this page to try again.</p>\
> <p>If this fails, check that you are a member of the galaxy system
> group, by \
> running <code>groups</code> on the command line.</p>\
> <p>To add a user, eg. user1, to this group, you may use the
> command:</p>\
> <ul><li><code>sudo usermod -aG galaxy user1</code></ul></li>\
> </html>"
> 
> # You may want to comment these 2 lines out or to
> # change the group required, but users still need to
> # be in the galaxy group for SFTP uploads to work properly.
> AuthzUnixgroup on
> Require group galaxy
> 
> # This is needed to tell Galaxy about the remote
> # user.
> RequestHeader set REMOTE_USER %{RU}e env=RU
> RequestHeader unset Authorization env=RU
> 
> ===
> 
> % cat /etc/galaxy-server/universe_wsgi.d/31_apache-proxy.ini                  
>        
> # Settings added by debian-galaxy-apache-proxy to switch Galaxy over to
> # authenticating by real user accounts and also permitting uploads.
> 
> [app:main]
> 
> # Other scripts assume that maildomain is localhsot, so you can't just
> # change the setting below and expect everythig to work.
> use_remote_user = True
> remote_user_maildomain = localhost
> 
> # Users may copy files here directly or upload via SFTP/SCP
> ftp_upload_dir = /var/lib/galaxy-server/transfer
> ftp_upload_site = *** Transfer files via SCP or SFTP to 
> /var/lib/galaxy-server/transfer/... ***
> 
> # There is no neat way to log out a user with Basic Auth, but here is a 
> non-neat way.
> # Not yet tested on IE.
> remote_user_logout_href = javascript:var r=new 
> XMLHttpRequest();r.onreadystatechange=function(){if(r.readyState==4)window.location.replace('logout.html')};r.open('get','logout.html',true,'logout','logout');r.send();
> 
> ===
> 
- --
Eric Rasche
Programmer II
Center for Phage Technology
Texas A&M University
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iQIcBAEBAgAGBQJS5nOgAAoJEMqDXdrsMcpVunUQAL1SwYf3Rux5wFKEkt35c7yc
YLrscQm0dTK3P/mzin29D/mr1qFYJbBBKx1wk4e4mG6qeLlX97x1JH/YdeNtT/9l
E2nFt4H/BKH4/5N6WDLnR4A+fkkbG3oXeBXf07s70vqQFrfhtDrA42VH2SfEWfVn
xp6O4hg72M7p07QiYe3B/jUerKxJ6Z354GDGjpbuoDNDMvJlbiD79hIZAkHltsJS
ubsyV3eiL0v+YwY4XV4oL8Lf72023P/38SizLgRbT0MRhQCzotpVlxEV55IT/KNd
Sj0/ggBQmy+uQv81J6qZ+dQILhPYiWR39jJq2IhfsQ06TyASrSs2sOuXZG33k//L
/aScLX2wOqjpgL5UOETqFSm1CzLUdJ+S9pR/cxmVGE8v92w/mnVwxYQrEzdmSpfw
1ouw77rOXtrVuL4GrcHoXeXQZIIumf7PrdLeTJzorrD/QKi7qh/M5ohMeoZqivkM
0yYXQpOOEat86f1HoLspWVH0kLUk0CCx9V0YxbL6sZ9xfMOJovWWPF+Ih4o3Xb+J
8NQn+NW7VROGQbx8nBaltx5WwZuq9KrAdQOduGbD6wWoHCO0P+Ix/O6hdjeHampu
eloRLoSJWP03XyKnsrrDpzrf+JbVkbN+5rJz6O+u6JyEFuF1MJssjAQ0FqxvaC2w
Zc89sZrfuOXE8krggNLJ
=gZ/s
-----END PGP SIGNATURE-----
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Reply via email to