I am currently using Apache and CAS (https://en.wikipedia.org/wiki/Central_Authentication_Service) to provide external authentication to Galaxy. I'd like to start using the API, however, I've not been able to find a way to get that to work. A while back, someone suggested using the following: <Location "/api"> Satisfy Any Allow from all </Location> However, this breaks the history view at least, since the ajax call is an /api call and no HTTP_REMOTE_USER gets set. Does anyone have any suggestions? I'd love to get this going with some simple configuration... I know I could move over to LDAP, but that is not desirable since it's less secure than CAS. Another option would be to implement CAS within Galaxy, but that does seem like a good bit of work, but perhaps someone is already working on it or at least interested? -- Lance Parsons - Scientific Programmer Carl C. Icahn Laboratory - Room 141 (Temporary) Lewis-Sigler Institute for Integrative Genomics Princeton University