From tbooth@ceh.ac.uk Mon Jan 27 07:27:07 2014 From: Tim Booth To: galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] Remote User Logout Date: Mon, 27 Jan 2014 12:27:53 +0000 Message-ID: <1390825673.20492.65.camel@balisaur> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2255533394443404437==" --===============2255533394443404437== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, I'm currently using one of those hacks, and it seems to work nicely for the user (Chrome + FF at least) but it does need some messy setting up in Apache and some cunning redirects in place. I've pasted the relevant file fragments below. It's somewhat confounded with my stuff to enable SFTP uploads but hopefully you get the idea and the original explanation on Stackoverflow is pretty good. The remote_user_logout_href is something I got to by trial and error. Cheers, TIM =3D=3D=3D % cat /usr/share/galaxy-server/logout/.htaccess=20 # HaCk based on http://stackoverflow.com/questions/4163122/http-basic-authent= ication-log-out # Authname must match the one in ../proxy/.htaccess AuthType Basic AuthName Galaxy_Server AuthUserFile /usr/share/galaxy-server/logout/.htpasswd Require user logout =3D=3D=3D % cat /usr/share/galaxy-server/logout/.htpasswd #Password is logout. This in not a secret. logout:$apr1$0eB1iURY$kwqa0c8tXksbjPQLYqr6s. =3D=3D=3D % cat /usr/share/galaxy-server/proxy/.htaccess # Security settings for Galaxy proxied via Apache. Note the actual # proxy config is under /etc/apache2/conf.d/galaxy. If for some=20 # reason you wanted Apache proxy with internal Galaxy authentication=20 # then you could remove this file and Apache would no longer insist on # authentication. AuthBasicProvider external AuthExternal pwauth AuthType Basic AuthName Galaxy_Server #I'd like to do this, but it upsets Firefox. Use ErrorDocument instead. # AuthName "Galaxy Server: \ # Log in with regular username and password. \ # Users need to be in the galaxy system group." ErrorDocument 401 "\ 401 Authorization Required\

Log-in to Galaxy failed

\

You should have been prompted to log into the Galaxy server. \ You need to give your regular system username and password. \ Please reload this page to try again.

\

If this fails, check that you are a member of the galaxy system group, by \ running groups on the command line.

\

To add a user, eg. user1, to this group, you may use the command:

\ \ " # You may want to comment these 2 lines out or to # change the group required, but users still need to # be in the galaxy group for SFTP uploads to work properly. AuthzUnixgroup on Require group galaxy # This is needed to tell Galaxy about the remote # user. RequestHeader set REMOTE_USER %{RU}e env=3DRU RequestHeader unset Authorization env=3DRU =3D=3D=3D % cat /etc/galaxy-server/universe_wsgi.d/31_apache-proxy.ini = =20 # Settings added by debian-galaxy-apache-proxy to switch Galaxy over to # authenticating by real user accounts and also permitting uploads. [app:main] # Other scripts assume that maildomain is localhsot, so you can't just # change the setting below and expect everythig to work. use_remote_user =3D True remote_user_maildomain =3D localhost # Users may copy files here directly or upload via SFTP/SCP ftp_upload_dir =3D /var/lib/galaxy-server/transfer ftp_upload_site =3D *** Transfer files via SCP or SFTP to /var/lib/galaxy-ser= ver/transfer/... *** # There is no neat way to log out a user with Basic Auth, but here is a non-n= eat way. # Not yet tested on IE. remote_user_logout_href =3D javascript:var r=3Dnew XMLHttpRequest();r.onready= statechange=3Dfunction(){if(r.readyState=3D=3D4)window.location.replace('logo= ut.html')};r.open('get','logout.html',true,'logout','logout');r.send(); =3D=3D=3D --=20 Tim Booth NERC Environmental Bioinformatics Centre=20 Centre for Ecology and Hydrology Maclean Bldg, Benson Lane Crowmarsh Gifford Wallingford, England OX10 8BB=20 http://nebc.nerc.ac.uk +44 1491 69 2705 --===============2255533394443404437==-- From rasche.eric@yandex.ru Mon Jan 27 09:56:47 2014 From: Eric Rasche To: galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] Remote User Logout Date: Mon, 27 Jan 2014 08:56:33 -0600 Message-ID: <52E673A1.4020906@yandex.ru> In-Reply-To: <1390825673.20492.65.camel@balisaur> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8486911956510455797==" --===============8486911956510455797== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Tim, Amazing! Thank you for sharing that code. That'll save me some work when I get around to implementing it on my galaxies. I'll add a Wiki page for it later today, lest this knowledge be lost to the mailing list. Cheers, Eric On 01/27/2014 06:27 AM, Tim Booth wrote: > Hi, >=20 > I'm currently using one of those hacks, and it seems to work nicely for > the user (Chrome + FF at least) but it does need some messy setting up > in Apache and some cunning redirects in place. I've pasted the relevant > file fragments below. It's somewhat confounded with my stuff to enable > SFTP uploads but hopefully you get the idea and the original explanation > on Stackoverflow is pretty good. The remote_user_logout_href is > something I got to by trial and error. >=20 > Cheers, >=20 > TIM >=20 > =3D=3D=3D >=20 > % cat /usr/share/galaxy-server/logout/.htaccess=20 > # HaCk based on http://stackoverflow.com/questions/4163122/http-basic-authe= ntication-log-out > # Authname must match the one in ../proxy/.htaccess >=20 > AuthType Basic > AuthName Galaxy_Server >=20 > AuthUserFile /usr/share/galaxy-server/logout/.htpasswd > Require user logout >=20 > =3D=3D=3D >=20 > % cat /usr/share/galaxy-server/logout/.htpasswd > #Password is logout. This in not a secret. > logout:$apr1$0eB1iURY$kwqa0c8tXksbjPQLYqr6s. >=20 > =3D=3D=3D >=20 > % cat /usr/share/galaxy-server/proxy/.htaccess > # Security settings for Galaxy proxied via Apache. Note the actual > # proxy config is under /etc/apache2/conf.d/galaxy. If for some=20 > # reason you wanted Apache proxy with internal Galaxy authentication=20 > # then you could remove this file and Apache would no longer insist on > # authentication. > AuthBasicProvider external > AuthExternal pwauth > AuthType Basic > AuthName Galaxy_Server >=20 > #I'd like to do this, but it upsets Firefox. Use ErrorDocument instead. > # AuthName "Galaxy Server: \ > # Log in with regular username and password. \ > # Users need to be in the galaxy system group." >=20 > ErrorDocument 401 "\ > 401 Authorization Required\ >

Log-in to Galaxy failed

\ >

You should have been prompted to log into the Galaxy server. \ > You need to give your regular system username and password. \ > Please reload this page to try again.

\ >

If this fails, check that you are a member of the galaxy system > group, by \ > running groups on the command line.

\ >

To add a user, eg. user1, to this group, you may use the > command:

\ >
  • sudo usermod -aG galaxy user1
\ > " >=20 > # You may want to comment these 2 lines out or to > # change the group required, but users still need to > # be in the galaxy group for SFTP uploads to work properly. > AuthzUnixgroup on > Require group galaxy >=20 > # This is needed to tell Galaxy about the remote > # user. > RequestHeader set REMOTE_USER %{RU}e env=3DRU > RequestHeader unset Authorization env=3DRU >=20 > =3D=3D=3D >=20 > % cat /etc/galaxy-server/universe_wsgi.d/31_apache-proxy.ini = =20 > # Settings added by debian-galaxy-apache-proxy to switch Galaxy over to > # authenticating by real user accounts and also permitting uploads. >=20 > [app:main] >=20 > # Other scripts assume that maildomain is localhsot, so you can't just > # change the setting below and expect everythig to work. > use_remote_user =3D True > remote_user_maildomain =3D localhost >=20 > # Users may copy files here directly or upload via SFTP/SCP > ftp_upload_dir =3D /var/lib/galaxy-server/transfer > ftp_upload_site =3D *** Transfer files via SCP or SFTP to /var/lib/galaxy-s= erver/transfer/... *** >=20 > # There is no neat way to log out a user with Basic Auth, but here is a non= -neat way. > # Not yet tested on IE. > remote_user_logout_href =3D javascript:var r=3Dnew XMLHttpRequest();r.onrea= dystatechange=3Dfunction(){if(r.readyState=3D=3D4)window.location.replace('lo= gout.html')};r.open('get','logout.html',true,'logout','logout');r.send(); >=20 > =3D=3D=3D >=20 - -- Eric Rasche Programmer II Center for Phage Technology Texas A&M University -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQIcBAEBAgAGBQJS5nOgAAoJEMqDXdrsMcpVunUQAL1SwYf3Rux5wFKEkt35c7yc YLrscQm0dTK3P/mzin29D/mr1qFYJbBBKx1wk4e4mG6qeLlX97x1JH/YdeNtT/9l E2nFt4H/BKH4/5N6WDLnR4A+fkkbG3oXeBXf07s70vqQFrfhtDrA42VH2SfEWfVn xp6O4hg72M7p07QiYe3B/jUerKxJ6Z354GDGjpbuoDNDMvJlbiD79hIZAkHltsJS ubsyV3eiL0v+YwY4XV4oL8Lf72023P/38SizLgRbT0MRhQCzotpVlxEV55IT/KNd Sj0/ggBQmy+uQv81J6qZ+dQILhPYiWR39jJq2IhfsQ06TyASrSs2sOuXZG33k//L /aScLX2wOqjpgL5UOETqFSm1CzLUdJ+S9pR/cxmVGE8v92w/mnVwxYQrEzdmSpfw 1ouw77rOXtrVuL4GrcHoXeXQZIIumf7PrdLeTJzorrD/QKi7qh/M5ohMeoZqivkM 0yYXQpOOEat86f1HoLspWVH0kLUk0CCx9V0YxbL6sZ9xfMOJovWWPF+Ih4o3Xb+J 8NQn+NW7VROGQbx8nBaltx5WwZuq9KrAdQOduGbD6wWoHCO0P+Ix/O6hdjeHampu eloRLoSJWP03XyKnsrrDpzrf+JbVkbN+5rJz6O+u6JyEFuF1MJssjAQ0FqxvaC2w Zc89sZrfuOXE8krggNLJ =3DgZ/s -----END PGP SIGNATURE----- --===============8486911956510455797==-- From clements@galaxyproject.org Mon Jan 27 12:48:00 2014 From: Dave Clements To: galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] Remote User Logout Date: Mon, 27 Jan 2014 09:47:12 -0800 Message-ID: In-Reply-To: <52E673A1.4020906@yandex.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4637230447080953558==" --===============4637230447080953558== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hi Eric, Tim, > > Hi Tim, > > Amazing! Thank you for sharing that code. That'll save me some work when > I get around to implementing it on my galaxies. I'll add a Wiki page for > it later today, lest this knowledge be lost to the mailing list. > That is an excellent suggestion. I've created a log board entry for it.: https://wiki.galaxyproject.org/Community/Logs The first for 2014. Feel free to edit, or send me revisions. Thanks, Dave C. -- http://galaxyproject.org/ http://getgalaxy.org/ http://usegalaxy.org/ http://wiki.galaxyproject.org/ --===============4637230447080953558== Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.htm" MIME-Version: 1.0 PGRpdiBkaXI9Imx0ciI+SGkgRXJpYywgVGltLDxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48ZGl2 IGNsYXNzPSJnbWFpbF9xdW90ZSI+PGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHls ZT0ibWFyZ2luOjBweCAwcHggMHB4IDAuOGV4O2JvcmRlci1sZWZ0LXdpZHRoOjFweDtib3JkZXIt bGVmdC1jb2xvcjpyZ2IoMjA0LDIwNCwyMDQpO2JvcmRlci1sZWZ0LXN0eWxlOnNvbGlkO3BhZGRp bmctbGVmdDoxZXgiPgoKPGRpdiBjbGFzcz0iaW0iPjxicj4KPC9kaXY+SGkgVGltLDxicj4KPGJy PgpBbWF6aW5nISBUaGFuayB5b3UgZm9yIHNoYXJpbmcgdGhhdCBjb2RlLiBUaGF0JiMzOTtsbCBz YXZlIG1lIHNvbWUgd29yayB3aGVuPGJyPgpJIGdldCBhcm91bmQgdG8gaW1wbGVtZW50aW5nIGl0 IG9uIG15IGdhbGF4aWVzLiBJJiMzOTtsbCBhZGQgYSBXaWtpIHBhZ2UgZm9yPGJyPgppdCBsYXRl ciB0b2RheSwgbGVzdCB0aGlzIGtub3dsZWRnZSBiZSBsb3N0IHRvIHRoZSBtYWlsaW5nIGxpc3Qu PGJyPjwvYmxvY2txdW90ZT48ZGl2Pjxicj48L2Rpdj48ZGl2PlRoYXQgaXMgYW4gZXhjZWxsZW50 IHN1Z2dlc3Rpb24uIJpJJiMzOTt2ZSBjcmVhdGVkIGEgbG9nIGJvYXJkIGVudHJ5IGZvciBpdC46 PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj6aIDxhIGhyZWY9Imh0dHBzOi8vd2lraS5nYWxheHlw cm9qZWN0Lm9yZy9Db21tdW5pdHkvTG9ncyI+aHR0cHM6Ly93aWtpLmdhbGF4eXByb2plY3Qub3Jn L0NvbW11bml0eS9Mb2dzPC9hPjxicj4KCjwvZGl2PjxkaXY+mjwvZGl2PjxkaXY+VGhlIGZpcnN0 IGZvciAyMDE0LiCaRmVlbCBmcmVlIHRvIGVkaXQsIG9yIHNlbmQgbWUgcmV2aXNpb25zLjwvZGl2 PjxkaXY+PGJyPjwvZGl2PjxkaXY+VGhhbmtzLDwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+RGF2 ZSBDLjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+LS2aPGJyPjwvZGl2PjwvZGl2PjxkaXYgZGly PSJsdHIiPjxhIGhyZWY9Imh0dHA6Ly9nYWxheHlwcm9qZWN0Lm9yZy8iIHRhcmdldD0iX2JsYW5r Ij5odHRwOi8vZ2FsYXh5cHJvamVjdC5vcmcvPC9hPjxicj4KCjxhIGhyZWY9Imh0dHA6Ly9nZXRn YWxheHkub3JnLyIgdGFyZ2V0PSJfYmxhbmsiPmh0dHA6Ly9nZXRnYWxheHkub3JnLzwvYT48YnI+ PGEgaHJlZj0iaHR0cDovL3VzZWdhbGF4eS5vcmcvIiB0YXJnZXQ9Il9ibGFuayI+aHR0cDovL3Vz ZWdhbGF4eS5vcmcvPC9hPjxicj48YSBocmVmPSJodHRwOi8vd2lraS5nYWxheHlwcm9qZWN0Lm9y Zy8iIHRhcmdldD0iX2JsYW5rIj5odHRwOi8vd2lraS5nYWxheHlwcm9qZWN0Lm9yZy88L2E+PGJy PgoKPC9kaXY+CjwvZGl2PjwvZGl2Pgo= --===============4637230447080953558==-- From rasche.eric@yandex.ru Mon Jan 27 14:56:19 2014 From: Eric Rasche To: galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] Remote User Logout Date: Mon, 27 Jan 2014 13:56:06 -0600 Message-ID: <52E6B9D6.3010208@yandex.ru> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7565633515581442008==" --===============7565633515581442008== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I figured this was as good of a time as any... I moved the AD/LDAP/External authentication out of the Apache Proxy page (who would think to look there?) and into its own page. I added my organisation's information on mod_auth_kerb while I was at it. That seemed like a reasonable place to put this sort of information. I've also reduced the solution to just the necessary portions, but it would need to be tested by someone. https://wiki.galaxyproject.org/Admin/Config/ExternalUserDatbases#Logging_out_= Basic_Auth.27d_Users I suggest we re-link the community log page to that subsection as it has more related information, if that is amenable to everyone. On 01/27/2014 11:47 AM, Dave Clements wrote: > Hi Eric, Tim, > >> >> Hi Tim, >> >> Amazing! Thank you for sharing that code. That'll save me some work when >> I get around to implementing it on my galaxies. I'll add a Wiki page for >> it later today, lest this knowledge be lost to the mailing list. >> > > That is an excellent suggestion. I've created a log board entry for it.: > > https://wiki.galaxyproject.org/Community/Logs > > The first for 2014. Feel free to edit, or send me revisions. > > Thanks, > > Dave C. > Cheers, Eric - --=20 Eric Rasche Programmer II Center for Phage Technology Texas A&M University College Station, TX 77843 404-692-2048 esr(a)tamu.edu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJS5rnVAAoJEMqDXdrsMcpVG+oQAIdCRLGJKMvgsb9kVqbzeUGA kZcCfIqImxzpbKeCXFdTnb4nKQSFzY4zLXavox9VLjrr4sx76rxhF91hi8B8peLt EcwxSr9ytqOtjkkWSkI3bXIE9CKapzDTWcBa4ezHHoPoZvDznQ7OV9JBU0BGInpS Fa5IYfTdl7cAawxkaTlomTBAwthJ08UQp1DwJRmxcyYm5FN8ktvX7u0YK3RO1zXb ykfpslIlVIZMvRci0xtI5SsOHQWF63PJODLtnwl90759wYhZI8qFfdw/i0qc/HRU +Y0T79lE7eZf10FKhTXFDeweDkUc1xgc5JrCdVUmPcSS9NMR8MGL96Rm938PbJE6 fg/fM00BZ85T3BHDoIHKPRXdUIV0MDkmEw8Z0yeuKDYDPJ+SE+CjVPhHByeiB1hH 3kUeWbHrWgSdp0OYJuhHoUjBfJAlAUDSeYOy9vKi4LN1ZYG3acQl0LAfxYPgOE92 cs4+BqCgZ7vastYET5DqiLodrmNkDGwdnm3O5XVQS2fCZT7RePpmboMpHgDMDaO3 OgavZ9RpJdt5h68GAOE9Q/IK+Y7bblBfRrSrANpvUIWXfLei+IFaQZPTN59v9J8v OwHSq4H74l/MQ8b+q+bhjU472QJZ2m6otO1KkNG4pqOIgtiqYnWrp36uMqWsjYHK aoFRah4xHnutVPa0eh09 =3DxBnU -----END PGP SIGNATURE----- --===============7565633515581442008== Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.htm" MIME-Version: 1.0 PGh0bWw+CiAgPGhlYWQ+CiAgICA8bWV0YSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9S09J OC1SIiBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiPgogIDwvaGVhZD4KICA8Ym9keSBiZ2NvbG9y PSIjRkZGRkZGIiB0ZXh0PSIjMDAwMDAwIj4KICAgIDxicj4KICAgIC0tLS0tQkVHSU4gUEdQIFNJ R05FRCBNRVNTQUdFLS0tLS08YnI+CiAgICBIYXNoOiBTSEExPGJyPgogICAgPGJyPgogICAgSSBm aWd1cmVkIHRoaXMgd2FzIGFzIGdvb2Qgb2YgYSB0aW1lIGFzIGFueS4uLjxicj4KICAgIEkgbW92 ZWQgdGhlIEFEL0xEQVAvRXh0ZXJuYWwgYXV0aGVudGljYXRpb24gb3V0IG9mIHRoZSBBcGFjaGUg UHJveHkKICAgIHBhZ2UgKHdobyB3b3VsZCB0aGluayB0byBsb29rIHRoZXJlPykgYW5kIGludG8g aXRzIG93biBwYWdlLiBJIGFkZGVkCiAgICBteSBvcmdhbmlzYXRpb24ncyBpbmZvcm1hdGlvbiBv biBtb2RfYXV0aF9rZXJiIHdoaWxlIEkgd2FzIGF0IGl0Ljxicj4KICAgIDxicj4KICAgIFRoYXQg c2VlbWVkIGxpa2UgYSByZWFzb25hYmxlIHBsYWNlIHRvIHB1dCB0aGlzIHNvcnQgb2YgaW5mb3Jt YXRpb24uCiAgICBJJ3ZlIGFsc28gcmVkdWNlZCB0aGUgc29sdXRpb24gdG8ganVzdCB0aGUgbmVj ZXNzYXJ5IHBvcnRpb25zLCBidXQKICAgIGl0IHdvdWxkIG5lZWQgdG8gYmUgdGVzdGVkIGJ5IHNv bWVvbmUuPGJyPgogICAgPGJyPgo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWZyZWV0ZXh0IiBocmVm PSJodHRwczovL3dpa2kuZ2FsYXh5cHJvamVjdC5vcmcvQWRtaW4vQ29uZmlnL0V4dGVybmFsVXNl ckRhdGJhc2VzI0xvZ2dpbmdfb3V0X0Jhc2ljX0F1dGguMjdkX1VzZXJzIj5odHRwczovL3dpa2ku Z2FsYXh5cHJvamVjdC5vcmcvQWRtaW4vQ29uZmlnL0V4dGVybmFsVXNlckRhdGJhc2VzI0xvZ2dp bmdfb3V0X0Jhc2ljX0F1dGguMjdkX1VzZXJzPC9hPjxicj4KICAgIDxicj4KICAgIEkgc3VnZ2Vz dCB3ZSByZS1saW5rIHRoZSBjb21tdW5pdHkgbG9nIHBhZ2UgdG8gdGhhdCBzdWJzZWN0aW9uIGFz IGl0CiAgICBoYXMgbW9yZSByZWxhdGVkIGluZm9ybWF0aW9uLCBpZiB0aGF0IGlzIGFtZW5hYmxl IHRvIGV2ZXJ5b25lLjxicj4KICAgIDxicj4KICAgIDxicj4KICAgIE9uIDAxLzI3LzIwMTQgMTE6 NDcgQU0sIERhdmUgQ2xlbWVudHMgd3JvdGU6PGJyPgogICAgPHNwYW4gc3R5bGU9IndoaXRlLXNw YWNlOiBwcmU7Ij4mZ3Q7IEhpIEVyaWMsIFRpbSw8YnI+CiAgICAgICZndDs8YnI+CiAgICAgICZn dDsmZ3Q7PGJyPgogICAgICAmZ3Q7Jmd0OyBIaSBUaW0sPGJyPgogICAgICAmZ3Q7Jmd0Ozxicj4K ICAgICAgJmd0OyZndDsgQW1hemluZyEgVGhhbmsgeW91IGZvciBzaGFyaW5nIHRoYXQgY29kZS4g VGhhdCdsbCBzYXZlIG1lCiAgICAgIHNvbWUgd29yayB3aGVuPGJyPgogICAgICAmZ3Q7Jmd0OyBJ IGdldCBhcm91bmQgdG8gaW1wbGVtZW50aW5nIGl0IG9uIG15IGdhbGF4aWVzLiBJJ2xsIGFkZAog ICAgICBhIFdpa2kgcGFnZSBmb3I8YnI+CiAgICAgICZndDsmZ3Q7IGl0IGxhdGVyIHRvZGF5LCBs ZXN0IHRoaXMga25vd2xlZGdlIGJlIGxvc3QgdG8gdGhlCiAgICAgIG1haWxpbmcgbGlzdC48YnI+ CiAgICAgICZndDsmZ3Q7PGJyPgogICAgICAmZ3Q7PGJyPgogICAgICAmZ3Q7IFRoYXQgaXMgYW4g ZXhjZWxsZW50IHN1Z2dlc3Rpb24umiBJJ3ZlIGNyZWF0ZWQgYSBsb2cgYm9hcmQKICAgICAgZW50 cnkgZm9yIGl0Ljo8YnI+CiAgICAgICZndDs8YnI+CiAgICAgICZndDuamiA8YSBjbGFzcz0ibW96 LXR4dC1saW5rLWZyZWV0ZXh0IiBocmVmPSJodHRwczovL3dpa2kuZ2FsYXh5cHJvamVjdC5vcmcv Q29tbXVuaXR5L0xvZ3MiPmh0dHBzOi8vd2lraS5nYWxheHlwcm9qZWN0Lm9yZy9Db21tdW5pdHkv TG9nczwvYT48YnI+CiAgICAgICZndDs8YnI+CiAgICAgICZndDsgVGhlIGZpcnN0IGZvciAyMDE0 LpogRmVlbCBmcmVlIHRvIGVkaXQsIG9yIHNlbmQgbWUgcmV2aXNpb25zLjxicj4KICAgICAgJmd0 Ozxicj4KICAgICAgJmd0OyBUaGFua3MsPGJyPgogICAgICAmZ3Q7PGJyPgogICAgICAmZ3Q7IERh dmUgQy48YnI+CiAgICAgICZndDs8L3NwYW4+PGJyPgogICAgPGJyPgogICAgQ2hlZXJzLDxicj4K ICAgIEVyaWM8YnI+CiAgICA8YnI+CiAgICAtIC0tIDxicj4KICAgIEVyaWMgUmFzY2hlPGJyPgog ICAgUHJvZ3JhbW1lciBJSTxicj4KICAgIENlbnRlciBmb3IgUGhhZ2UgVGVjaG5vbG9neTxicj4K ICAgIFRleGFzIEEmYW1wO00gVW5pdmVyc2l0eTxicj4KICAgIENvbGxlZ2UgU3RhdGlvbiwgVFgg Nzc4NDM8YnI+CiAgICA0MDQtNjkyLTIwNDggJmx0O3RlbDo0MDQ2OTIyMDQ4Jmd0Ozxicj4KICAg IDxhIGNsYXNzPSJtb3otdHh0LWxpbmstYWJicmV2aWF0ZWQiIGhyZWY9Im1haWx0bzplc3JAdGFt dS5lZHUiPmVzckB0YW11LmVkdTwvYT4gPGEgY2xhc3M9Im1vei10eHQtbGluay1yZmMyMzk2RSIg aHJlZj0ibWFpbHRvOmVzckB0YW11LmVkdSI+Jmx0O21haWx0bzplc3JAdGFtdS5lZHUmZ3Q7PC9h Pjxicj4KICAgIC0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tPGJyPgogICAgVmVyc2lvbjog R251UEcgdjEuNC4xMSAoR05VL0xpbnV4KTxicj4KICAgIENvbW1lbnQ6IFVzaW5nIEdudVBHIHdp dGggVGh1bmRlcmJpcmQgLSA8YSBjbGFzcz0ibW96LXR4dC1saW5rLWZyZWV0ZXh0IiBocmVmPSJo dHRwOi8vd3d3LmVuaWdtYWlsLm5ldC8iPmh0dHA6Ly93d3cuZW5pZ21haWwubmV0LzwvYT48YnI+ CiAgICA8YnI+CiAgICBpUUljQkFFQkFnQUdCUUpTNXJuVkFBb0pFTXFEWGRyc01jcFZHK29RQUlk Q1JMR0pLTXZnc2I5a1ZxYnplVUdBPGJyPgogICAga1pjQ2ZJcUlteHpwYktlQ1hGZFRuYjRuS1FT RnpZNHpMWGF2b3g5VkxqcnI0c3g3NnJ4aEY5MWhpOEI4cGVMdDxicj4KICAgIEVjd3hTcjl5dHFP dGpra1dTa0kzYlhJRTlDS2FwekRUV2NCYTRlekhIb1BvWnZEem5RN09WOUpCVTBCR0lucFM8YnI+ CiAgICBGYTVJWWZUZGw3Y0Fhd3hrYVRsb21UQkF3dGhKMDhVUXAxRHdKUm14Y3lZbTVGTjhrdHZY N3UwWUszUk8xelhiPGJyPgogICAgeWtmcHNsSWxWSVpNdlJjaTB4dEk1U3NPSFFXRjYzUEpPREx0 bndsOTA3NTl3WWhaSThxRmZkdy9pMHFjL0hSVTxicj4KICAgICtZMFQ3OWxFN2VaZjEwRktoVFhG RGV3ZURrVWMxeGdjNUpyQ2RWVW1QY1NTOU5NUjhNR0w5NlJtOTM4UGJKRTY8YnI+CiAgICBmZy9m TTAwQlo4NVQzQkhEb0lIS1BSWGRVSVYwTURrbUV3OFoweWV1S0RZRFBKK1NFK0NqVlBoSEJ5ZWlC MWhIPGJyPgogICAgM2tVZVdiSHJXZ1NkcDBPWUp1aEhvVWpCZkpBbEFVRFNlWU95OXZLaTRMTjFa WUczYWNRbDBMQWZ4WVBnT0U5Mjxicj4KICAgIGNzNCtCcUNnWjd2YXN0WUVUNURxaUxvZHJtTmtE R3dkbm0zTzVYVlFTMmZDWlQ3UmVQcG1ib01wSGdETURhTzM8YnI+CiAgICBPZ2F2WjlScEpkdDVo NjhHQU9FOVEvSUsrWTdiYmxCZlJyU3JBTnB2VUlXWGZMZWkrSUZhUVpQVE41OXY5Sjh2PGJyPgog ICAgT3dIU3E0SDc0bC9NUThiK3ErYmhqVTQ3MlFKWjJtNm90TzFLa05HNHBxT0lndGlxWW5XcnAz NnVNcVdzallISzxicj4KICAgIGFvRlJhaDR4SG51dFZQYTBlaDA5PGJyPgogICAgPXhCblU8YnI+ CiAgICAtLS0tLUVORCBQR1AgU0lHTkFUVVJFLS0tLS08YnI+CiAgICA8YnI+CiAgPC9ib2R5Pgo8 L2h0bWw+Cg== --===============7565633515581442008==-- From clements@galaxyproject.org Fri Jan 31 14:06:21 2014 From: Dave Clements To: galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] Remote User Logout Date: Fri, 31 Jan 2014 11:05:33 -0800 Message-ID: In-Reply-To: <52E6B9D6.3010208@yandex.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2116229952335139265==" --===============2116229952335139265== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Eric, > > I figured this was as good of a time as any... > I moved the AD/LDAP/External authentication out of the Apache Proxy page > (who would think to look there?) and into its own page. I added my > organisation's information on mod_auth_kerb while I was at it. > > That seemed like a reasonable place to put this sort of information. I've > also reduced the solution to just the necessary portions, but it would need > to be tested by someone. > > > https://wiki.galaxyproject.org/Admin/Config/ExternalUserDatbases#Logging_ou= t_Basic_Auth.27d_Users > > Thanks for updating the admin wiki pages. The admin wiki pages are sprawling and any efforts to keep them current and well organized are *dearly appreciated*. > I suggest we re-link the community log page to that subsection as it has > more related information, if that is amenable to everyone. > I've updated https://wiki.galaxyproject.org/Community/Log/2014/LDAPRemoteUserLogout and added links to the two wiki pages. I left the content on the log page, although I'm not at all certain that is wise: The log pages are meant to be a quick and easy way to document stuff and make it easy to find. I think that leaving this log page (mostly) as it was will encourage contribution more than stripping it. Most people are not going to be willing to locate the right pages in the wiki for all their content. However, I'm hoping that if they can just drop content into one, time-stamped, no-commitment-to-keep-it-current, place then they will be way more likely to contribute. That's my theory anyway. So far, my theory hasn't particularly panned out, but the log board is still less than 2 months old. Thanks again, Dave C --=20 http://galaxyproject.org/ http://getgalaxy.org/ http://usegalaxy.org/ http://wiki.galaxyproject.org/ --===============2116229952335139265== Content-Type: text/html Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.htm" MIME-Version: 1.0 PGRpdiBkaXI9Imx0ciI+SGkgRXJpYyw8ZGl2PjxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48ZGl2 IGNsYXNzPSJnbWFpbF9xdW90ZSI+PGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHls ZT0ibWFyZ2luOjBweCAwcHggMHB4IDAuOGV4O2JvcmRlci1sZWZ0LXdpZHRoOjFweDtib3JkZXIt bGVmdC1jb2xvcjpyZ2IoMjA0LDIwNCwyMDQpO2JvcmRlci1sZWZ0LXN0eWxlOnNvbGlkO3BhZGRp bmctbGVmdDoxZXgiPgoKPGRpdiBiZ2NvbG9yPSIjRkZGRkZGIiB0ZXh0PSIjMDAwMDAwIj48ZGl2 IGNsYXNzPSJpbSI+PGJyPjwvZGl2PgogICAgSSBmaWd1cmVkIHRoaXMgd2FzIGFzIGdvb2Qgb2Yg YSB0aW1lIGFzIGFueS4uLjxicj4KICAgIEkgbW92ZWQgdGhlIEFEL0xEQVAvRXh0ZXJuYWwgYXV0 aGVudGljYXRpb24gb3V0IG9mIHRoZSBBcGFjaGUgUHJveHkKICAgIHBhZ2UgKHdobyB3b3VsZCB0 aGluayB0byBsb29rIHRoZXJlPykgYW5kIGludG8gaXRzIG93biBwYWdlLiBJIGFkZGVkCiAgICBt eSBvcmdhbmlzYXRpb24mIzM5O3MgaW5mb3JtYXRpb24gb24gbW9kX2F1dGhfa2VyYiB3aGlsZSBJ IHdhcyBhdCBpdC48YnI+CiAgICA8YnI+CiAgICBUaGF0IHNlZW1lZCBsaWtlIGEgcmVhc29uYWJs ZSBwbGFjZSB0byBwdXQgdGhpcyBzb3J0IG9mIGluZm9ybWF0aW9uLgogICAgSSYjMzk7dmUgYWxz byByZWR1Y2VkIHRoZSBzb2x1dGlvbiB0byBqdXN0IHRoZSBuZWNlc3NhcnkgcG9ydGlvbnMsIGJ1 dAogICAgaXQgd291bGQgbmVlZCB0byBiZSB0ZXN0ZWQgYnkgc29tZW9uZS48YnI+CiAgICA8YnI+ CjxhIGhyZWY9Imh0dHBzOi8vd2lraS5nYWxheHlwcm9qZWN0Lm9yZy9BZG1pbi9Db25maWcvRXh0 ZXJuYWxVc2VyRGF0YmFzZXMjTG9nZ2luZ19vdXRfQmFzaWNfQXV0aC4yN2RfVXNlcnMiIHRhcmdl dD0iX2JsYW5rIj5odHRwczovL3dpa2kuZ2FsYXh5cHJvamVjdC5vcmcvQWRtaW4vQ29uZmlnL0V4 dGVybmFsVXNlckRhdGJhc2VzI0xvZ2dpbmdfb3V0X0Jhc2ljX0F1dGguMjdkX1VzZXJzPC9hPjxi cj4KCgogICAgPGJyPjwvZGl2PjwvYmxvY2txdW90ZT48ZGl2PlRoYW5rcyBmb3IgdXBkYXRpbmcg dGhlIGFkbWluIHdpa2kgcGFnZXMuIJpUaGUgYWRtaW4gd2lraSBwYWdlcyBhcmUgc3ByYXdsaW5n IGFuZCBhbnkgZWZmb3J0cyB0byBrZWVwIHRoZW0gY3VycmVudCBhbmQgd2VsbCBvcmdhbml6ZWQg YXJlIDxpPmRlYXJseSBhcHByZWNpYXRlZDwvaT4uPC9kaXY+PGRpdj6aPC9kaXY+PGJsb2NrcXVv dGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0ibWFyZ2luOjBweCAwcHggMHB4IDAuOGV4O2Jv cmRlci1sZWZ0LXdpZHRoOjFweDtib3JkZXItbGVmdC1jb2xvcjpyZ2IoMjA0LDIwNCwyMDQpO2Jv cmRlci1sZWZ0LXN0eWxlOnNvbGlkO3BhZGRpbmctbGVmdDoxZXgiPgoKPGRpdiBiZ2NvbG9yPSIj RkZGRkZGIiB0ZXh0PSIjMDAwMDAwIj4KICAgIEkgc3VnZ2VzdCB3ZSByZS1saW5rIHRoZSBjb21t dW5pdHkgbG9nIHBhZ2UgdG8gdGhhdCBzdWJzZWN0aW9uIGFzIGl0CiAgICBoYXMgbW9yZSByZWxh dGVkIGluZm9ybWF0aW9uLCBpZiB0aGF0IGlzIGFtZW5hYmxlIHRvIGV2ZXJ5b25lLjwvZGl2Pjwv YmxvY2txdW90ZT48L2Rpdj48ZGl2IGNsYXNzPSJnbWFpbF9leHRyYSI+PGJyPjwvZGl2PkkmIzM5 O3ZlIHVwZGF0ZWQgPGEgaHJlZj0iaHR0cHM6Ly93aWtpLmdhbGF4eXByb2plY3Qub3JnL0NvbW11 bml0eS9Mb2cvMjAxNC9MREFQUmVtb3RlVXNlckxvZ291dCI+aHR0cHM6Ly93aWtpLmdhbGF4eXBy b2plY3Qub3JnL0NvbW11bml0eS9Mb2cvMjAxNC9MREFQUmVtb3RlVXNlckxvZ291dDwvYT4gYW5k IGFkZGVkIGxpbmtzIHRvIHRoZSB0d28gd2lraSBwYWdlcy4gSSBsZWZ0IHRoZSBjb250ZW50IG9u IHRoZSBsb2cgcGFnZSwgYWx0aG91Z2ggSSYjMzk7bSBub3QgYXQgYWxsIGNlcnRhaW4gdGhhdCBp cyB3aXNlOjwvZGl2PgoKPGRpdiBjbGFzcz0iZ21haWxfZXh0cmEiPjxicj48L2Rpdj48ZGl2IGNs YXNzPSJnbWFpbF9leHRyYSI+VGhlIGxvZyBwYWdlcyBhcmUgbWVhbnQgdG8gYmUgYSBxdWljayBh bmQgZWFzeSB3YXkgdG8gZG9jdW1lbnQgc3R1ZmYgYW5kIG1ha2UgaXQgZWFzeSB0byBmaW5kLiCa SSB0aGluayB0aGF0IGxlYXZpbmcgdGhpcyBsb2cgcGFnZSAobW9zdGx5KSBhcyBpdCB3YXMgd2ls bCBlbmNvdXJhZ2UgY29udHJpYnV0aW9uIG1vcmUgdGhhbiBzdHJpcHBpbmcgaXQuIJpNb3N0IHBl b3BsZSBhcmUgbm90IGdvaW5nIHRvIGJlIHdpbGxpbmcgdG8gbG9jYXRlIHRoZSByaWdodCBwYWdl cyBpbiB0aGUgd2lraSBmb3IgYWxsIHRoZWlyIGNvbnRlbnQuIJpIb3dldmVyLCBJJiMzOTttIGhv cGluZyB0aGF0IGlmIHRoZXkgY2FuIGp1c3QgZHJvcCBjb250ZW50IGludG8gb25lLCB0aW1lLXN0 YW1wZWQsIG5vLWNvbW1pdG1lbnQtdG8ta2VlcC1pdC1jdXJyZW50LCBwbGFjZSB0aGVuIHRoZXkg d2lsbCBiZSB3YXkgbW9yZSBsaWtlbHkgdG8gY29udHJpYnV0ZS48L2Rpdj4KCjxkaXYgY2xhc3M9 ImdtYWlsX2V4dHJhIj48YnI+PC9kaXY+PGRpdiBjbGFzcz0iZ21haWxfZXh0cmEiPlRoYXQmIzM5 O3MgbXkgdGhlb3J5IGFueXdheS4gmlNvIGZhciwgbXkgdGhlb3J5IGhhc24mIzM5O3QgcGFydGlj dWxhcmx5IHBhbm5lZCBvdXQsIGJ1dCB0aGUgbG9nIGJvYXJkIGlzIHN0aWxsIGxlc3MgdGhhbiAy IG1vbnRocyBvbGQuPC9kaXY+PGRpdiBjbGFzcz0iZ21haWxfZXh0cmEiPgoKPGJyPjwvZGl2Pjxk aXYgY2xhc3M9ImdtYWlsX2V4dHJhIj5UaGFua3MgYWdhaW4sPC9kaXY+PGRpdiBjbGFzcz0iZ21h aWxfZXh0cmEiPjxicj48L2Rpdj48ZGl2IGNsYXNzPSJnbWFpbF9leHRyYSI+RGF2ZSBDPC9kaXY+ PGRpdiBjbGFzcz0iZ21haWxfZXh0cmEiPpo8YnIgY2xlYXI9ImFsbCI+PGRpdj48YnI+PC9kaXY+ LS0gPGJyPjxkaXYgZGlyPSJsdHIiPjxhIGhyZWY9Imh0dHA6Ly9nYWxheHlwcm9qZWN0Lm9yZy8i IHRhcmdldD0iX2JsYW5rIj5odHRwOi8vZ2FsYXh5cHJvamVjdC5vcmcvPC9hPjxicj4KCjxhIGhy ZWY9Imh0dHA6Ly9nZXRnYWxheHkub3JnLyIgdGFyZ2V0PSJfYmxhbmsiPmh0dHA6Ly9nZXRnYWxh eHkub3JnLzwvYT48YnI+PGEgaHJlZj0iaHR0cDovL3VzZWdhbGF4eS5vcmcvIiB0YXJnZXQ9Il9i bGFuayI+aHR0cDovL3VzZWdhbGF4eS5vcmcvPC9hPjxicj48YSBocmVmPSJodHRwOi8vd2lraS5n YWxheHlwcm9qZWN0Lm9yZy8iIHRhcmdldD0iX2JsYW5rIj5odHRwOi8vd2lraS5nYWxheHlwcm9q ZWN0Lm9yZy88L2E+PGJyPgoKPC9kaXY+CjwvZGl2PjwvZGl2PjwvZGl2Pgo= --===============2116229952335139265==--