Hi All,

I have a need for authentication as a layer in front of Galaxy which is
more specialized than the available options -- specifically 3-legged OAuth
against a site of my choice.

After looking into writing this in PHP and having the webserver (nginx) set
remote_user, I decided to nix that approach for a couple of reasons -- one
of which is that I don't have PHP experience.

After a few discussions with other devs, I've decided that there are two
easy options available to me:
- Write a WSGI app which does authentication, and *proxies* authenticated
requests to Galaxy with remote_user set. Since that's a WSGI app doing
proxying, obvious code smell there
- Write a WSGI middleware that wraps the existing Galaxy WSGI app, and
passes authenticated requests directly to the Galaxy app

That second solution seems much better, but I'm now faced with the question
of "How do I do it?"

Looking over the sample config, I see these lines:

# The factory for the WSGI application.  This should not be changed.
paste.app_factory = galaxy.web.buildapp:app_factory

I'm thinking that I could change that to my middleware, which will turn to
`galaxy.web.buildapp` when the time comes.

One problem I'm seeing is that my middleware and galaxy both have to run in
the same virtualenv, so there's potential for dependency conflicts.
The lib I want to use for this does rely on PyYAML and a few other things
which Galaxy also needs, so that possibility is very real.

Other than that hurdle, are there any gotchas I should be aware of with
this approach?
Are there similarly simple alternatives to this which I am not seeing?

Ultimately, if I have to write an app that does proxying, I'd prefer that
to the wide variety of highly effortful solutions I have envisioned.
Those include, but are not limited to, a PAM which does the OAuth and doing
Basic Authentication against that, just to give a flavor.

Thanks very much for your help,
-Stephen
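
A sketch of the second option, as an added example that is not part of the original post or Galaxy's code: a factory to name in paste.app_factory that wraps Galaxy's app, discards any client-supplied remote-user value, and sets it only after its own check. It assumes Galaxy's remote-user mode with the default header key HTTP_REMOTE_USER; lookup_user, session_lookup and login_url are hypothetical stand-ins for the OAuth library, and the login URL must be served outside this wrapper.

```python
REMOTE_USER_KEY = "HTTP_REMOTE_USER"  # assumed: Galaxy's default remote_user_header


class RemoteUserMiddleware:
    """Wrap a WSGI app; only this layer may set the remote-user key."""

    def __init__(self, app, lookup_user, login_url="/oauth/login"):
        self.app = app
        self.lookup_user = lookup_user  # hypothetical: environ -> email or None
        self.login_url = login_url      # hypothetical, served outside this wrapper

    def __call__(self, environ, start_response):
        # Drop whatever the client sent: a "Remote-User:" request header
        # arrives as HTTP_REMOTE_USER and would otherwise be trusted as-is.
        environ.pop(REMOTE_USER_KEY, None)
        user = self.lookup_user(environ)
        if not user:
            start_response("302 Found", [("Location", self.login_url),
                                         ("Content-Length", "0")])
            return [b""]
        environ[REMOTE_USER_KEY] = user
        return self.app(environ, start_response)


def session_lookup(environ):
    """Hypothetical placeholder: return the e-mail the OAuth flow verified."""
    return None  # replace with a lookup of a signed session cookie


def app_factory(global_conf, **local_conf):
    """Paste factory to name in paste.app_factory instead of Galaxy's."""
    from galaxy.web.buildapp import app_factory as galaxy_factory  # lazy import
    galaxy_app = galaxy_factory(global_conf, **local_conf)
    return RemoteUserMiddleware(galaxy_app, session_lookup)


def demo():
    """Run constructed requests against a stub app standing in for Galaxy."""
    seen, statuses = [], []
    def stub(environ, start_response):
        seen.append(environ.get(REMOTE_USER_KEY))
        start_response("200 OK", [])
        return [b"ok"]
    sr = lambda status, headers: statuses.append(status)
    spoof = {REMOTE_USER_KEY: "admin@example.org"}  # constructed forged header
    RemoteUserMiddleware(stub, lambda e: None)(dict(spoof), sr)
    RemoteUserMiddleware(stub, lambda e: "alice@example.org")(dict(spoof), sr)
    return statuses, seen
```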