On 16 Apr 2018, at 11:53, Martin Demko <325073@mail.muni.cz> wrote:

Hi,
I'm currently solving a problem with authentication to the FTP service for users of
our Galaxy server. We've successfully established authentication via
Shibboleth behind Nginx (not very easy, but doable :) but that also means that
ProFTPD is not working anymore, as it doesn't support SAML authentication.

So my question is obvious: I'm looking for an easy and free FTP server with
SAML support. Can anybody help me with some advice? I've already found
CompleteFTP and CrushFTP, but both are paid and one is allegedly Windows-only.
So how do you - people using external authentication via SAML - do
this?

CrushFTP will support SAML auth only on HTTP transfers, not FTP (the actual protocol) transfers.
SAML is an HTTP-centric spec; hooking it up to other non-HTTP protocols is difficult. More info here:
https://wiki.shibboleth.net/confluence/display/CONCEPT/ECP
http://www.cilogon.org/ws/saml-outside-the-browser

You will not find any single FTP (the actual protocol) server with SAML support. However, you can use HTTP uploader tools that you can hook up more or less easily with SAML (bear in mind that Galaxy needs to have access to files once uploaded, which can add more complexity to the integration with third-party upload tools). And since you're down the HTTP uploading path, you may just stick with Galaxy's own HTTP upload feature.

If you need FTP, your best option is to connect ProFTPD to the LDAP/AD server used by the SAML IdP itself. This setup can only work in a single organization (no SAML federation in action).

If you have time, there are many JS libs that you can use to build a custom file uploader (with SAML auth, HTML5 and resuming support):
http://www.resumablejs.com
https://tus.io

(and even in this situation, it will be difficult to handle CLI based upload workflows)

Youssef Ghorbal
Institut Pasteur