On Jan 31, 2012, at 11:45 AM, Sarah Maman wrote:
Hi,
Thanks to log messages from remoteuser.py in
"./lib/galaxy/web/framework/middleware/remoteuser.py":
print('affichage des variables d acces')
print ('self domain : %s'%self.maildomain)
print ('path info : %s'%path_info)
print ('admin user : %s' %self.admin_users)
http_remote_user = environ.get('HTTP_REMOTE_USER','')
print ('http remote user : %s'%http_remote_user)
remote_user = environ.get('REMOTE_USER', '')
print ('remote user :%s' %remote_user)
Galaxy prints every environment variable it receives, and I have seen that the
HTTP_REMOTE_USER variable is "(null)".
Moreover, Galaxy is defined as a valid Proxy (reverse proxy ??) so galaxy.conf is :
<VirtualHost localhost:port>
# Define Galaxy as a valid Proxy
<Proxy localhost:port>
Order deny,allow
Allow from all
Hi Sarah,
Please recheck the syntax in the documentation:
http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy
The following directives should be in the <Location> block, not the <Proxy>
block.
--nate
RewriteEngine on
# Take the $REMOTE_USER environment variable and set it as a header in the proxy request.
RewriteCond %{IS_SUBREQ} ^false$
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
# Set the REMOTE_USER header to the contents of the LDAP query response's "uid" attribute
RequestHeader set REMOTE_USER %{AUTHENTICATE_uid}e
RewriteRule ^/galaxy$ /galaxy/ [R]
RewriteRule ^/static/style/(.*) /usr/local/bioinfo/src/galaxy/galaxy-dist/static/june_2007_style/blue/$1 [L]
RewriteRule ^/static/(.*) /usr/local/bioinfo/src/galaxy/galaxy-dist/static/$1 [L]
RewriteRule ^/images/(.*) /usr/local/bioinfo/src/galaxy/galaxy-dist/static/images/$1 [L]
RewriteRule ^/favicon.ico /usr/local/bioinfo/src/galaxy/galaxy-dist/static/favicon.ico [L]
RewriteRule ^/favicon.ico /var/www/html/favicon.ico [L]
RewriteRule ^/robots.txt /usr/local/bioinfo/src/galaxy/galaxy-dist/static/robots.txt [L]
RewriteRule ^(.*) localhost:port$1 [P]
</Proxy>
<Location "/....." >
AuthType Basic
AuthBasicProvider ldap
AuthName "Galaxy"
AuthLDAPURL "ldap://serveur ..."
AuthzLDAPAuthoritative on
Require valid-user
</Location>
</VirtualHost>
But I haven't yet managed to access the REMOTE_USER value through the proxy.
In universe_wsgi.ini,
*use_remote_user = True*
and
*remote_user_maildomain = toulouse.inra.fr*
Thanks in advance,
Sarah
Nate Coraor wrote:
> On Jan 19, 2012, at 10:49 AM, Sarah Maman wrote:
>
>
>> Hi Brad, Hi Christopher,
>>
>> Thanks a lot.
>> I'm talking to Open LDAP. I have changed
>>
>> RequestHeader set REMOTE_USER %{AUTHENTICATE_uid}e
>> to
>> RequestHeader set REMOTE_USER %{AUTHENTICATE_UID}e
>>
>> But I always have the same message /(Access to Galaxy is denied
>> Galaxy is configured to authenticate users via an external method (such as HTTP
>> authentication in Apache), but a username was not provided by the upstream (proxy) server.
>> This is generally due to a misconfiguration in the upstream server. )/
>>
>
> Hi Sarah,
>
> This configuration will need to be in your Apache config (the location of which
> varies depending on your OS and/or how Apache is installed) rather than an .htaccess
> file.
>
> --nate
>
>
>> This is my .conf file :
>> <Proxy http://localhost:8080>
>> Order deny,allow
>> Allow from all
>> </Proxy>
>>
>> RewriteEngine on
>>
>> <Location "/">
>> AuthType Basic
>> AuthName Galaxy
>> AuthBasicProvider ldap
>> AuthLDAPURL "ldap://server/ou=People,ou=genopole,ou=toulouse,o=inra,c=fr?uid?sub?(objectClass=person)"
>> AuthzLDAPAuthoritative off
>> Require valid-user
>> # Take the $REMOTE_USER environment variable and set it as a header in the proxy request.
>> #RewriteCond %{IS_SUBREQ} ^false$
>> #RewriteCond %{LA-U:REMOTE_USER} (.+)
>> #RewriteRule . - [E=RU:%1]
>> #RequestHeader set REMOTE_USER %{RU}e
>> RequestHeader set REMOTE_USER %{AUTHENTICATE_UID}e
>> </Location>
>>
>>
>> Thanks in advance,
>> Sarah
>>
>>
>>
>>
>> Langhorst, Brad wrote:
>>
>>> Hi Sarah:
>>>
>>> I don't know what kind of LDAP you're talking to... I'm talking to Active
>>> Directory and this configuration works in that situation.
>>>
>>> Order allow,deny
>>> allow from all
>>>
>>> AuthType Basic
>>> AuthName "NEB Credentials"
>>> AuthBasicProvider ldap
>>> AuthzLDAPAuthoritative off
>>> AuthLDAPBindDN ccalookup(a)neb.com
>>> AuthLDAPBindPassword <password>
>>> AuthLDAPURL "ldap://<ldap.domain.com>:389/dc=domain,dc=com?sAMAccountName"
>>> require valid-user
>>> RewriteCond %{IS_SUBREQ} ^false$
>>> RewriteCond %{LA-U:REMOTE_USER} (.+)
>>> RewriteRule . - [E=RU:%1]
>>> RequestHeader set REMOTE_USER %{AUTHENTICATE_sAMAccountName}e
>>>
>>>
>>>
>
>
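
The failure discussed in this thread, seen from the backend side, as an added example that is not part of the original messages and is not Galaxy's remoteuser.py: a WSGI gate that treats an empty or "(null)" REMOTE_USER header as "no username" instead of as a login name. The `RemoteUserGate` class, the `probe` helper, the `example.remote_user` key, the `jdoe` user and the `example.org` domain are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Values that mean "the proxy sent no username". Apache's mod_headers writes
# the literal "(null)" when %{VAR}e names an environment variable that is unset.
MISSING = {"", "(null)"}

class RemoteUserGate:
    """Hypothetical WSGI middleware (not Galaxy's remoteuser.py)."""

    def __init__(self, app, maildomain=None, key="HTTP_REMOTE_USER"):
        self.app, self.maildomain, self.key = app, maildomain, key

    def resolve(self, environ):
        """Return the user identity, or None if the header is unusable."""
        name = environ.get(self.key, "").strip()
        if name in MISSING:
            return None
        # Assumption: a bare uid is completed with the configured mail domain.
        if self.maildomain and "@" not in name:
            name = "%s@%s" % (name, self.maildomain)
        return name

    def __call__(self, environ, start_response):
        user = self.resolve(environ)
        if user is None:
            body = b"Access denied: the upstream proxy provided no username.\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        environ["example.remote_user"] = user  # hypothetical key for the backend
        return self.app(environ, start_response)

def probe(header_value, maildomain="example.org"):
    """Send one constructed request through the gate; return (status, identity)."""
    seen, status = {}, []

    def backend(environ, start_response):
        seen["user"] = environ["example.remote_user"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]

    environ = {}
    setup_testing_defaults(environ)
    if header_value is not None:
        environ["HTTP_REMOTE_USER"] = header_value
    b"".join(RemoteUserGate(backend, maildomain)(environ, lambda s, h: status.append(s)))
    return status[0], seen.get("user")

if __name__ == "__main__":
    for value in (None, "(null)", "jdoe"):  # constructed sample header values
        print(repr(value), "->", probe(value))
```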