Hi Nate: I'll look into an SSO situation... I assume this works because the front end to the toolshed can check to be sure that the admin requesting installation has an active session with the SSO server. ? Brad ________________________________ From: Nate Coraor <nate@bx.psu.edu> Sent: Wednesday, February 26, 2014 9:01 AM To: Langhorst, Brad Cc: galaxy-dev@lists.bx.psu.edu Subject: Re: [galaxy-dev] local toolshed with remote-user=true and require-user=falase Hi Brad, If you're using HTTP Auth, that will be the case since HTTP Auth has no notion of sessions, the auth credentials must be provided with every request. For a more robust solution, you probably want to use an auth filter that creates an authentication session. Penn State uses Cosign for this, but there are other options. --nate On Feb 25, 2014, at 17:09, "Langhorst, Brad" <Langhorst@neb.com<mailto:Langhorst@neb.com>> wrote: Has anyone set up a local toolshed with external authentication? Is this expected to work? I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication. If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page. It would make sense to have the webserver request credentials only for requests to a login page, but I don't see how to do that. For now I've just turned off remote-auth. Brad -- Brad Langhorst, Ph.D. Applications and Product Development Scientist ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/