Hi Prakash, Could you send the output of `hg summary`? Thanks, --nate On Fri, Jan 3, 2014 at 1:41 PM, Velayutham, Prakash (Prakash) <Prakash.Velayutham@cchmc.org> wrote:
Hi Nate,
I just updated my copy and the changes you pushed are in. However, the auth part is not working still. I added
remote_user_header = 'HTTP_AUTH_USER'
to universe_wsgi.ini and restarted Galaxy. When I hit the site, after logging into the front end proxy server, I get this.
Access to Galaxy is denied
Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server.
Please contact your local Galaxy administrator.
I am capturing all the header variables in a file and this is what the contents of the file is after the above DENIED message.
[srv-galaxy@bmigalaxyp1 galaxy-dist]$ cat file.py HTTP_X_FORWARDED_SERVER: galaxy.research.cchmc.org HTTP_COOKIE: galaxysession=c6ca0ddb55be603ac556311ffa6257cd21da46c2083580c93cee9aaaf9c0c67c8e80f388ebf98dff; BIGipServerbmigw-pool=626771722.20480.0000; ObSSOCookie=QF4kYG5VvhHej14EN4XRqPVEgJ7ukfSLFWTmDjibS5YUstElLeDIwcxFAgtZhGi3uJGhh4f6lFQcmAl2B1%2FM%2BptbBKwkCGNQGkJhKhu1Pz4x7bjDOaifC9t%2Fhgy%2FN3FAoXSQUFFg0cVkXnKKhoA5Hxkt%2BcvkQObSn7Mr1Vi0xPakNoRcEC7k%2BhhR3Vp8oGUEkODLotLSAvkPfj8xL0rfzgYuLI3aY8F77M2Sj7vcDiOB03VOiBddelvOqLTHfYwlktQ81MlQq%2BjQPMX5wo9g7DhD7nwtSBgvozJ0VvmNmMfn%2BKvkgEXo8YbyQakY5PXg2pJE6IjUJTF%2FpKOfO5W2IKYzkqbDgicaMjTKq1Q7zr%2BW0BQKzhsEIjhHkneH2NRiIUiriemEbJVVo9nrMsxviT8Hah7X5YZ5kVGjBpX5owA%3D HTTP_ACCEPT_LANGUAGE: en-us paste.recursive.include: <paste.recursive.Includer from /> SCRIPT_NAME: REQUEST_METHOD: GET PATH_INFO: / HTTP_ORIGIN: https://login.research.cchmc.org SERVER_PROTOCOL: HTTP/1.1 QUERY_STRING: paste.throw_errors: True CONTENT_LENGTH: 0 weberror.evalexception: <weberror.evalexception.middleware.EvalException object at 0x8d02d50> HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1 HTTP_CONNECTION: Keep-Alive SERVER_NAME: 0.0.0.0 REMOTE_ADDR: 10.199.194.17 ORGINAL_REMOTE_ADDR: 10.199.92.37 wsgi.url_scheme: http SERVER_PORT: 8080 paste.recursive.forward: <paste.recursive.Forwarder from /> paste.recursive.script_name: paste.evalexception: <weberror.evalexception.middleware.EvalException object at 0x8d02d50> wsgi.input: <socket._fileobject object at 0x8d9eb50 length=0> HTTP_HOST: galaxy.research.cchmc.org paste.recursive.include_app_iter: <paste.recursive.IncluderAppIter from /> wsgi.multithread: True HTTP_CONFVER: 1 HTTP_CACHE_CONTROL: max-age=0 HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 wsgi.version: (1, 0) HTTP_AUTH_USER: Prakash.Velayutham@cchmc.org wsgi.run_once: False wsgi.errors: <galaxy.util.pastescript.serve.LazyWriter object at 0x239db10> wsgi.multiprocess: False HTTP_X_FORWARDED_HOST: galaxy.research.cchmc.org HTTP_X_FORWARDED_FOR: 10.199.194.17 CONTENT_TYPE: request_id: 34e3f63274a611e3aaf1005056a84587 paste.httpserver.thread_pool: <paste.httpserver.ThreadPool object at 0x8da5750> ORGINAL_HTTP_HOST: bmigalaxyp1.chmcres.cchmc.org:8080 HTTP_UID: VELGE9 [srv-galaxy@bmigalaxyp1 galaxy-dist]$
Obviously, I am logging in using HTTP_AUTH_USER, which does exist in the file, but auth is not going forward.
Please note that without the recent changes, I was able to change every instance of REMOTE_USER in the source code with AUTH_USER and that worked without issues.
Thanks, Prakash
On Jan 3, 2014, at 11:45 AM, Nate Coraor <nate@bx.psu.edu> wrote:
Hi Prakash,
This was not previously possible, but I have added a config option for it:
https://bitbucket.org/galaxy/galaxy-central/commits/e92e13e9c103cc1f36dff65e...
If you're running the stable branch, you can apply the changes from this commit manually.
--nate
On Thu, Jan 2, 2014 at 11:09 AM, Jennifer Jackson <jen@bx.psu.edu> wrote:
Hello Prakash, I am going to move this over to the galaxy-dev@bx.psu.edu mailing list where it will have greater visibility within our development community. Best, Jen Galaxy team https://wiki.galaxyproject.org/MailingLists#The_lists
On 1/2/14 7:27 AM, Velayutham, Prakash (Prakash) wrote:
Hi,
We have a SSO environment provided by Oracle Fusion products and for some reason, they don't like to send over HTTP_REMOTE_USER as a header variable to downstream servers. I have seen it before with other web sites I have integrated with Oracle Access Manager. Is there a way Galaxy can accept another HEADER variable than REMOTE_USER for its external authentication?
As an extension:
With just enabling HTTP_REMOTE_USER as a header variable from an external authenticator, Galaxy works without any issues. I tried this with a default Apache/mod_ldap/mod_authnz_ldap setup. However, when I mix the Oracle gateways into the mix, things break down.
I made OAM send HTTP_AUTH_USER over to Galaxy. I changed all instances of REMOTE_USER to AUTH_USER in the installed location of Galaxy in my server. Authentication works fine, but I get issues with HISTORY part of Galaxy (below), when I access a workflow or basically any part of Galaxy that depends on HISTORY
Error Traceback:
View as: Interactive | Text | XML (full) ⇝ AttributeError: 'NoneType' object has no attribute 'user' URL: http://xxx.xxx.xxx/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False Module weberror.evalexception.middleware:364 in respond <Mail Attachment.jpeg> view
app_iter = self.application(environ, detect_start_response) Module paste.recursive:84 in __call__ <Mail Attachment.jpeg> view return self.application(environ, start_response) Module galaxy.web.framework.middleware.remoteuser:91 in __call__ <Mail Attachment.jpeg> view
return self.app( environ, start_response ) Module paste.httpexceptions:633 in __call__ <Mail Attachment.jpeg> view return self.application(environ, start_response) Module galaxy.web.framework.base:132 in __call__ <Mail Attachment.jpeg> view
return self.handle_request( environ, start_response ) Module galaxy.web.framework.base:190 in handle_request <Mail Attachment.jpeg> view
body = method( trans, **kwargs ) Module galaxy.web.framework:98 in decorator <Mail Attachment.jpeg> view
return func( self, trans, *args, **kwargs ) Module galaxy.webapps.galaxy.controllers.dataset:555 in list <Mail Attachment.jpeg> view
status, message = self._copy_datasets( trans, hda_ids, target_histories ) Module galaxy.webapps.galaxy.controllers.dataset:1127 in _copy_datasets <Mail Attachment.jpeg> view if user != history.user: AttributeError: 'NoneType' object has no attribute 'user'
Thanks, Prakash
___________________________________________________________ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org. Please keep all replies on the list by using "reply all" in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list:
http://lists.bx.psu.edu/listinfo/galaxy-dev
To manage your subscriptions to this and other Galaxy lists, please use the interface at:
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/mailinglists/
-- Jennifer Hillman-Jackson http://galaxyproject.org
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/