We use Shib/SAML here at UAB.  ( - no, you can't 
get in :( )
We currently do it the "old way" in Apache with mod_shib.
We are planning an upgrade soon. It sounds like the "old way" should still work 
until the new feature is implemented?
In our case, we also have to manipulate the user string to strip off the as part of this processing. It would be great if that were a 
configurable part of an external authenticator, so we need to twiddle code 
locally for that.


From: galaxy-dev On Behalf Of Keith Suderman
Sent: Monday, February 27, 2017 11:34 AM
To: Galaxy Dev List
Subject: [galaxy-dev] SAML Authentication

Is anyone using SAML for authentication?  There is a feature request for SAML 
support on GitHub (, but 
it doesn't look like any work has been done.

We need to add the ability for our users to authenticate with a SAML identity 
provider (IdP), in particular with InCommon/EduRoam/EduCause et al.  Looking at 
the documentation there appears to be "the old way" (configuring Apache/Nginx 
to do the authentication) and "the new way" where Galaxy handles the 
authentication.  Is it correct to assume that to use the new way I should 
implement an external authenticator, something like 
galaxy/auth/providers/ and then some sort of magic to get a 
config/auth_conf.xml working?

I just want to make sure I am heading down the correct path before investing 
too much time.

- Keith

Keith Suderman
Research Associate
Department of Computer Science
Vassar College, Poughkeepsie NY
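
The reply at the top of this thread strips part of the user string handed over by the Apache front end. As an added example (not Galaxy code and not from either poster), the sketch below assumes the stripped part is an `@scope` suffix and checks it against a configurable allow-list before dropping it, since with a multi-IdP federation blind stripping maps users from different institutions to one local name. `TRUSTED_SCOPES`, `local_username`, `map_all` and `example.edu` are hypothetical names and values.

```python
import re

# Assumption: the only scope this deployment trusts (constructed placeholder).
TRUSTED_SCOPES = frozenset({"example.edu"})
# Assumption: conservative local-part format; tighten to what the IdP issues.
_LOCAL_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


class RejectedIdentity(ValueError):
    """The front-end identity must not be mapped to a local user."""


def local_username(remote_user, trusted_scopes=TRUSTED_SCOPES):
    """Map 'user@scope' to a local username, stripping only trusted scopes.

    Dropping the scope blindly would map alice@example.edu and
    alice@other.example to the same local account.
    """
    if not remote_user or remote_user != remote_user.strip():
        raise RejectedIdentity("empty or padded identity")
    local, sep, scope = remote_user.partition("@")
    if not sep or "@" in scope:
        raise RejectedIdentity("expected exactly one '@'")
    local, scope = local.lower(), scope.lower()
    if scope not in trusted_scopes:
        raise RejectedIdentity("untrusted scope: %r" % scope)
    if not _LOCAL_RE.fullmatch(local):
        raise RejectedIdentity("unexpected characters in local part")
    return local


def map_all(values, trusted_scopes=TRUSTED_SCOPES):
    """Return (accepted, rejected) dicts for a batch of identities."""
    accepted, rejected = {}, {}
    for value in values:
        try:
            accepted[value] = local_username(value, trusted_scopes)
        except RejectedIdentity as exc:
            rejected[value] = str(exc)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample identities, not taken from any real deployment.
    sample = ["alice@example.edu", "Alice@EXAMPLE.EDU", "alice@other.example",
              "alice", "bob@example.edu@other.example", "a b@example.edu"]
    ok, bad = map_all(sample)
    print("accepted:", ok)
    print("rejected:", bad)
```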
