IANAAG, but the following should be secure and effective as well (at least
it works for me), setting REMOTE_USER with an Apache authentication module
in conjunction with ProxyPass
RequestHeader set REMOTE_USER %{REMOTE_USER}s
RequestHeader edit REMOTE_USER ^.*(.+?) $1
Cheers,
Paul
On 12-07-18 9:08 AM, Nate Coraor n...@bx.psu.edu wrote:
On Jul 16, 2012, at 6:42 PM, Smithies, Russell wrote:
I have a situation I¹m sure others have faced but I can¹t see how to
solve it without hacking the src and I¹d rather not do that just yet as
it complicates upgrades.
We¹re using Apache with NTLM and ³require valid user² so it¹s a
corporate domain and only authorized users are allowed access.
If I set ³use_remote_user = True² on universe_wsgi.ini then users are
denied as Apache is passing the domain and username e.g. REMOTE_USER =
DOMAIN\\username
I can¹t use a rewrite rule to fix it from Apache because then it¹s an
invalid username and the user can¹t log into the web, and if it¹s
passing DOMAIN\\username to Galaxy it doesn¹t match up with the Galaxy
username so I get a 403 error.
Is there a hidden option to strip the domain from the login or am I
going to have to start hacking?
Hi Russell,
In the Apache configuration, you should be able to modify the regex here:
RewriteCond %{LA-U:REMOTE_USER} (.+)
To strip your domain, e.g.:
RewriteCond %{LA-U:REMOTE_USER} DOMAIN\\(.+)
--nate
Thanx,
Russell Smithies
Infrastructure Technician
Invermay Agricultural Centre
Puddle Alley, Private Bag 50034, Mosgiel 9053, New Zealand
T +64 3 489 3809 F +64 3 489 3739 www.agresearch.co.nz
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
___
Please keep all replies on the list by using reply all
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
___
Please keep all replies on the list by using reply all
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
___
Please keep all replies on the list by using reply all
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/