Re: [galaxy-dev] local toolshed with remote-user=true and require-user=falase
Hi Nate:

I'll look into an SSO situation... I assume this works because the front end to the toolshed can check to be sure that the admin requesting installation has an active session with the SSO server?

Brad

From: Nate Coraor
Sent: Wednesday, February 26, 2014 9:01 AM
To: Langhorst, Brad
Cc: galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] local toolshed with remote-user=true and require-user=falase

Hi Brad,

If you're using HTTP Auth, that will be the case since HTTP Auth has no notion of sessions, the auth credentials must be provided with every request. For a more robust solution, you probably want to use an auth filter that creates an authentication session. Penn State uses Cosign for this, but there are other options.

--nate

On Feb 25, 2014, at 17:09, "Langhorst, Brad" <langho...@neb.com> wrote:

Has anyone set up a local toolshed with external authentication?
Is this expected to work?

I have external auth working, but tools cannot be installed (403 forbidden) unless I turn off authentication.

If I turn on remote-auth, I have to configure the webserver to ask for credentials otherwise I get an error page.

It would make sense to have the webserver request credentials only for requests to a login page, but I don't see how to do that.

For now I've just turned off remote-auth.

Brad
--
Brad Langhorst, Ph.D.
Applications and Product Development Scientist

___
Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Re: [galaxy-dev] local toolshed with remote-user=true and require-user=falase
Hi Brad,

If you're using HTTP Auth, that will be the case since HTTP Auth has no notion of sessions, the auth credentials must be provided with every request. For a more robust solution, you probably want to use an auth filter that creates an authentication session. Penn State uses Cosign for this, but there are other options.

--nate

On Feb 25, 2014, at 17:09, "Langhorst, Brad" wrote:

> Has anyone set up a local toolshed with external authentication?
> Is this expected to work?
>
> I have external auth working, but tools cannot be installed (403 forbidden)
> unless I turn off authentication.
>
> If I turn on remote-auth, I have to configure the webserver to ask for
> credentials otherwise I get an error page.
>
> It would make sense to have the webserver request credentials only for
> requests to a login page, but I don’t see how to do that.
>
> For now I’ve just turned off remote-auth.
>
> Brad
> --
> Brad Langhorst, Ph.D.
> Applications and Product Development Scientist
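The difference Nate describes between per-request HTTP Auth and an auth filter that creates a session, modeled as an added example (not part of the original thread, and not Galaxy, Tool Shed or Cosign code). The names `basic_user`, `basic_gate` and `SessionGate`, the `/login` path, the cookie layout and the sample account are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

USERS = {"admin@example.org": "constructed-password"}  # constructed sample account

def basic_user(headers):
    """Return the user from a valid 'Authorization: Basic' header, else None."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or invalid UTF-8
        return None
    known = USERS.get(user)
    if known is not None and hmac.compare_digest(known.encode(), pw.encode()):
        return user
    return None

def basic_gate(path, headers):
    """Stateless HTTP Auth: every path needs credentials on every request."""
    user = basic_user(headers)
    return (200, user) if user else (401, None)

class SessionGate:
    """Auth filter model: credentials once at /login, then a signed, expiring cookie."""
    def __init__(self, ttl=3600):
        self.key, self.ttl = secrets.token_bytes(32), ttl

    def _mac(self, user, expires):
        return hmac.new(self.key, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()

    def handle(self, path, headers, now=None):
        """Return (status, remote_user, cookie_to_set)."""
        now = int(time.time() if now is None else now)
        if path == "/login":
            user = basic_user(headers)
            if user is None:
                return 401, None, None
            exp = now + self.ttl
            return 200, user, f"{user}|{exp}|{self._mac(user, exp)}"
        user, exp, mac = (headers.get("Cookie", "").split("|") + ["", "", ""])[:3]
        valid = exp.isdigit() and hmac.compare_digest(mac.encode(), self._mac(user, exp).encode())
        if valid and now < int(exp):
            return 200, user, None
        return 401, None, None  # no valid session: credentials needed at /login again
```

In both models a request that carries neither an `Authorization` header nor a session cookie is rejected; the session filter only changes where credentials have to be presented.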
Re: [galaxy-dev] local toolshed with remote-user=true and require-user=falase
I've set it up with external authentication but haven't tried to pull any tools from it yet...been meaning to get around to that. Good to know it would've failed anyway.

Unfortunately "creds for login page only" is not how HTTP authentication works, so that's out of the question. My initial thought was that you'd have to disable authentication on some subpages specific to pulling tools from toolsheds. Before replying I decided to test the following:

    Satisfy Any
    Allow from all

which should work just fine, but it does not.

Moving on, one alternative I might suggest (and this is a small guess), is to have a specific galaxy user specified in whatever backend you're using for apache auth. Then use that username + password in the URL of the toolshed. e.g.,

However, I have not tested this and don't know if it would work.

Hope that helps. Please let me know if you find a solution and I'll add it to the wiki.

Cheers,
Eric

25.02.2014, 22:15, "Langhorst, Brad":

> Has anyone set up a local toolshed with external authentication?
> Is this expected to work?
>
> I have external auth working, but tools cannot be installed (403 forbidden) unless I turn off authentication.
>
> If I turn on remote-auth, I have to configure the webserver to ask for credentials otherwise I get an error page.
>
> It would make sense to have the webserver request credentials only for requests to a login page, but I don’t see how to do that.
>
> For now I’ve just turned off remote-auth.
>
> Brad
> --
> Brad Langhorst, Ph.D.
> Applications and Product Development Scientist

Eric Rasche
Programmer II
Center for Phage Technology
Texas A&M University
College Station, TX 77843
Ph: 4046922048