Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but no shared secret key was provided by the upstream (proxy) server.
Please contact your local Galaxy administrator. The
variable remote_user_secret and
GX_SECRET header must be set before you may
access Galaxy.
Hi all - In regards to external user authentication that I have working now (see thread below). When users try to go to the actual Galaxy page, they get the message:On Thu, Oct 1, 2015 at 4:10 PM, Ryan G <ngsbioinformatics@gmail.com> wrote:I see it in lib/galaxy/webapps/galaxy/controllers/user.py, but I think at that point its too late.I finally got around to this and all is working well. I submitted 2 patches to remoteuser.py to assist in debugging incorrect set ups.Last question - When a user logs out, they get the page ""Access to Galaxy user controls is disabled". I've set the remote_user_logout_href parameter to a different website, but they still get the "Access to Galaxy user controls is disabled".On Tue, Sep 8, 2015 at 4:05 PM, Ryan G <ngsbioinformatics@gmail.com> wrote:Yes, I have a test server I'm going to check this one. thanks for the link, that's perfect...I'll add some debugging code in here to see what's going on.On Tue, Sep 8, 2015 at 1:46 PM, Dannon Baker <dannon.baker@gmail.com> wrote:Do you have a way to verify the "HTTP_MAIL" header is actually being passed through your proxy server?The problem is that Galaxy still doesn't think it's receiving the expected headers, so there isn't a good way that it can tell you more about what might be going on. If you're able to tweak Galaxy (using a test server) and add a few logging statements the code, this would be good places to check what's going on (print the `environ` dictionary associated with that request, along with self.remote_user_header to see what Galaxy is actually trying to use):On Thu, Sep 3, 2015 at 1:51 PM, Ryan G <ngsbioinformatics@gmail.com> wrote:It turns out our authentication system passes a header 'HTTP_MAIL' which contains the users email address. In galaxy.ini, I have
use_remote_user = True
remote_user_header = HTTP_MAILAfter restarting,Galaxy still gives the same error.On Mon, Aug 31, 2015 at 3:44 PM, Dannon Baker <dannon.baker@gmail.com> wrote:Hi Ryan,It may be that Galaxy is looking for a different remote user header than your proxy is setting. I believe by default we look for HTTP_REMOTE_USER, but this is configurable in galaxy.ini (so, you could set yours to HTTP_USER there). Let me know if this doesn't sort it out for you and we can dig deeper!-DannonOn Mon, Aug 31, 2015 at 3:42 PM, Ryan G <ngsbioinformatics@gmail.com> wrote:___________________________________________________________How do I track this down?But nothing in paster.log indicating what the error is.When I try to access Galaxy, I get the message:Hi all - I'm trying to use external user authentication with Galaxy. The external authentication passes to Galaxy the username with the mail domain at HTTP_USER.In galaxy.ini, I enable:
use_remote_user = True
Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server.
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/mailinglists/