On 16 Apr 2018, at 11:53, Martin Demko <[email protected]<mailto:[email protected]>> wrote:
Hi, I'm currently solving a problem with authentication to FTP service for users of our galaxy server. We've successfully established an authentication via shibboleth behind Nginx (not very easy, but doable :) but that also means that ProFTPD is not working anymore, as it doesn't support SAML authentication. So my question is obvious, I'm looking for an easy and free FTP server with SAML support, can anybody help me with an advice? I've already found CompleteFTP and CrushFTP but both are paid and one is Windows-only allegedly. So how do you - people using external authentication via SAML - do this? CrushFTP will support SAML auth only on HTTP transfers not FTP (the actual protocol) tranfers. SAML is HTTP centric spec, hooking it up to other non-HTTP portocols is diffcult, more info here : https://wiki.shibboleth.net/confluence/display/CONCEPT/ECP http://www.cilogon.org/ws/saml-outside-the-browser You will not find any single FTP (the actual protocol) server with SAML support. However, you can use HTTP uploader tools that you can hook up more or less easly with SAML (bear in mind that Galaxy needs to have access to files once uploaded which can add more complexity to the integration with thirdparty upload tools) And since you're down the HTTP uploading path, you may jus stick with Galaxy's own HTTP upload feature. If you need FTP, your best option, is to connect the ProfFTPD to the LDAP/AD server used by the SAML IdP itself. This setup can only work in a single oragnization (no SAML federation in action) If you have time, there are many JS libs that you can use to build a custom file uploader (with SAML auth, HTML5 and resuming support) : http://www.resumablejs.com https://tus.io (and even in this situation, it will be difficult to handle CLI based upload workflows) Youssef Ghorbal Institut Pasteur
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/
