On Feb 13, 2013, at 3:25 PM, Carlos Borroto wrote:
On Wed, Feb 13, 2013 at 3:10 PM, Greg Von Kuster <greg@bx.psu.edu> wrote:
Carlos,
Sorry you're having difficulty here. I'm not able to help very much here because I'm not familiar with the Galaxy remote user authentication process and I don't have an environment in which to mess with it.
In case it helps, however, the Tool Shed uses the same code for remote user authentication as Galaxy does, so if you have gotten this to work for a Galaxy instance, you should be able to use the same configuration for the Tool Shed.
Hi Greg,
Maybe I should explain myself better here and also create a trello card to check progress on this issue.
When you activate use_remote_user in the Tool Shed and correctly configure your web server(ex. Apache), everything will work as in Galaxy. You will get presented with an Apache basic authentication box and you will get access Tool Shed as expected. Every single feature in the Tool Shed works perfectly as far as I can tell.
Where is the problem them?. Well, it is when you try to install a tool from the Tool Shed in a Galaxy instance. When Galaxy tries to clone the mercurial repository from the Tool Shed it gets a "HTTP/1.1 403". Even so if you made sure Apache will allow unrestricted access from the Galaxy host. You still get "HTTP/1.1 403" from the Tool Shed, as the Tools Shed is expecting a remote user header the Galaxy instance is not providing.
I'm not so sure what is the best way to approach this issue. I see two possibilities thou. Galaxy will have to provide a remote user header, maybe assume the Galaxy user is the same as the Tool Shed, a good guess I think, or the Tool Shed would have to allow access to "/repositories/" even if there is no a remote user in the header. Again, I don't know if either of these options are technically possible or safe to use.
Hi Carlos, You may be able to get this to work by setting 'display_servers = <galaxy_server_hostname>' in your community_wsgi.ini file. This instructs Galaxy's remote user middleware to allow connections from this host even if a remote user has not been provided. It looks like all the pieces are there in the Tool Shed to make it work. --nate
Thanks for looking into this, Carlos