From rasche.eric@yandex.ru Mon Jan 27 09:56:47 2014 From: Eric Rasche To: galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] Remote User Logout Date: Mon, 27 Jan 2014 08:56:33 -0600 Message-ID: <52E673A1.4020906@yandex.ru> In-Reply-To: <1390825673.20492.65.camel@balisaur> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6020176301612170236==" --===============6020176301612170236== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Tim, Amazing! Thank you for sharing that code. That'll save me some work when I get around to implementing it on my galaxies. I'll add a Wiki page for it later today, lest this knowledge be lost to the mailing list. Cheers, Eric On 01/27/2014 06:27 AM, Tim Booth wrote: > Hi, >=20 > I'm currently using one of those hacks, and it seems to work nicely for > the user (Chrome + FF at least) but it does need some messy setting up > in Apache and some cunning redirects in place. I've pasted the relevant > file fragments below. It's somewhat confounded with my stuff to enable > SFTP uploads but hopefully you get the idea and the original explanation > on Stackoverflow is pretty good. The remote_user_logout_href is > something I got to by trial and error. >=20 > Cheers, >=20 > TIM >=20 > =3D=3D=3D >=20 > % cat /usr/share/galaxy-server/logout/.htaccess=20 > # HaCk based on http://stackoverflow.com/questions/4163122/http-basic-authe= ntication-log-out > # Authname must match the one in ../proxy/.htaccess >=20 > AuthType Basic > AuthName Galaxy_Server >=20 > AuthUserFile /usr/share/galaxy-server/logout/.htpasswd > Require user logout >=20 > =3D=3D=3D >=20 > % cat /usr/share/galaxy-server/logout/.htpasswd > #Password is logout. This in not a secret. > logout:$apr1$0eB1iURY$kwqa0c8tXksbjPQLYqr6s. >=20 > =3D=3D=3D >=20 > % cat /usr/share/galaxy-server/proxy/.htaccess > # Security settings for Galaxy proxied via Apache. Note the actual > # proxy config is under /etc/apache2/conf.d/galaxy. If for some=20 > # reason you wanted Apache proxy with internal Galaxy authentication=20 > # then you could remove this file and Apache would no longer insist on > # authentication. > AuthBasicProvider external > AuthExternal pwauth > AuthType Basic > AuthName Galaxy_Server >=20 > #I'd like to do this, but it upsets Firefox. Use ErrorDocument instead. > # AuthName "Galaxy Server: \ > # Log in with regular username and password. \ > # Users need to be in the galaxy system group." >=20 > ErrorDocument 401 "\ > 401 Authorization Required\ >

Log-in to Galaxy failed

\ >

You should have been prompted to log into the Galaxy server. \ > You need to give your regular system username and password. \ > Please reload this page to try again.

\ >

If this fails, check that you are a member of the galaxy system > group, by \ > running groups on the command line.

\ >

To add a user, eg. user1, to this group, you may use the > command:

\ > \ > " >=20 > # You may want to comment these 2 lines out or to > # change the group required, but users still need to > # be in the galaxy group for SFTP uploads to work properly. > AuthzUnixgroup on > Require group galaxy >=20 > # This is needed to tell Galaxy about the remote > # user. > RequestHeader set REMOTE_USER %{RU}e env=3DRU > RequestHeader unset Authorization env=3DRU >=20 > =3D=3D=3D >=20 > % cat /etc/galaxy-server/universe_wsgi.d/31_apache-proxy.ini = =20 > # Settings added by debian-galaxy-apache-proxy to switch Galaxy over to > # authenticating by real user accounts and also permitting uploads. >=20 > [app:main] >=20 > # Other scripts assume that maildomain is localhsot, so you can't just > # change the setting below and expect everythig to work. > use_remote_user =3D True > remote_user_maildomain =3D localhost >=20 > # Users may copy files here directly or upload via SFTP/SCP > ftp_upload_dir =3D /var/lib/galaxy-server/transfer > ftp_upload_site =3D *** Transfer files via SCP or SFTP to /var/lib/galaxy-s= erver/transfer/... *** >=20 > # There is no neat way to log out a user with Basic Auth, but here is a non= -neat way. > # Not yet tested on IE. > remote_user_logout_href =3D javascript:var r=3Dnew XMLHttpRequest();r.onrea= dystatechange=3Dfunction(){if(r.readyState=3D=3D4)window.location.replace('lo= gout.html')};r.open('get','logout.html',true,'logout','logout');r.send(); >=20 > =3D=3D=3D >=20 - -- Eric Rasche Programmer II Center for Phage Technology Texas A&M University -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQIcBAEBAgAGBQJS5nOgAAoJEMqDXdrsMcpVunUQAL1SwYf3Rux5wFKEkt35c7yc YLrscQm0dTK3P/mzin29D/mr1qFYJbBBKx1wk4e4mG6qeLlX97x1JH/YdeNtT/9l E2nFt4H/BKH4/5N6WDLnR4A+fkkbG3oXeBXf07s70vqQFrfhtDrA42VH2SfEWfVn xp6O4hg72M7p07QiYe3B/jUerKxJ6Z354GDGjpbuoDNDMvJlbiD79hIZAkHltsJS ubsyV3eiL0v+YwY4XV4oL8Lf72023P/38SizLgRbT0MRhQCzotpVlxEV55IT/KNd Sj0/ggBQmy+uQv81J6qZ+dQILhPYiWR39jJq2IhfsQ06TyASrSs2sOuXZG33k//L /aScLX2wOqjpgL5UOETqFSm1CzLUdJ+S9pR/cxmVGE8v92w/mnVwxYQrEzdmSpfw 1ouw77rOXtrVuL4GrcHoXeXQZIIumf7PrdLeTJzorrD/QKi7qh/M5ohMeoZqivkM 0yYXQpOOEat86f1HoLspWVH0kLUk0CCx9V0YxbL6sZ9xfMOJovWWPF+Ih4o3Xb+J 8NQn+NW7VROGQbx8nBaltx5WwZuq9KrAdQOduGbD6wWoHCO0P+Ix/O6hdjeHampu eloRLoSJWP03XyKnsrrDpzrf+JbVkbN+5rJz6O+u6JyEFuF1MJssjAQ0FqxvaC2w Zc89sZrfuOXE8krggNLJ =3DgZ/s -----END PGP SIGNATURE----- --===============6020176301612170236==--