Hi Nate, I just updated my copy and the changes you pushed are in. However, the auth part is not working still. I added remote_user_header = 'HTTP_AUTH_USER' to universe_wsgi.ini and restarted Galaxy. When I hit the site, after logging into the front end proxy server, I get this. Access to Galaxy is denied Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server. Please contact your local Galaxy administrator. I am capturing all the header variables in a file and this is what the contents of the file is after the above DENIED message. [srv-galaxy@bmigalaxyp1 galaxy-dist]$ cat file.py HTTP_X_FORWARDED_SERVER: galaxy.research.cchmc.org<http://galaxy.research.cchmc.org> HTTP_COOKIE: galaxysession=c6ca0ddb55be603ac556311ffa6257cd21da46c2083580c93cee9aaaf9c0c67c8e80f388ebf98dff; BIGipServerbmigw-pool=626771722.20480.0000; ObSSOCookie=QF4kYG5VvhHej14EN4XRqPVEgJ7ukfSLFWTmDjibS5YUstElLeDIwcxFAgtZhGi3uJGhh4f6lFQcmAl2B1%2FM%2BptbBKwkCGNQGkJhKhu1Pz4x7bjDOaifC9t%2Fhgy%2FN3FAoXSQUFFg0cVkXnKKhoA5Hxkt%2BcvkQObSn7Mr1Vi0xPakNoRcEC7k%2BhhR3Vp8oGUEkODLotLSAvkPfj8xL0rfzgYuLI3aY8F77M2Sj7vcDiOB03VOiBddelvOqLTHfYwlktQ81MlQq%2BjQPMX5wo9g7DhD7nwtSBgvozJ0VvmNmMfn%2BKvkgEXo8YbyQakY5PXg2pJE6IjUJTF%2FpKOfO5W2IKYzkqbDgicaMjTKq1Q7zr%2BW0BQKzhsEIjhHkneH2NRiIUiriemEbJVVo9nrMsxviT8Hah7X5YZ5kVGjBpX5owA%3D HTTP_ACCEPT_LANGUAGE: en-us paste.recursive.include: <paste.recursive.Includer from /> SCRIPT_NAME: REQUEST_METHOD: GET PATH_INFO: / HTTP_ORIGIN: https://login.research.cchmc.org SERVER_PROTOCOL: HTTP/1.1 QUERY_STRING: paste.throw_errors: True CONTENT_LENGTH: 0 weberror.evalexception: <weberror.evalexception.middleware.EvalException object at 0x8d02d50> HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1 HTTP_CONNECTION: Keep-Alive SERVER_NAME: 0.0.0.0 REMOTE_ADDR: 10.199.194.17 ORGINAL_REMOTE_ADDR: 10.199.92.37 wsgi.url_scheme: http SERVER_PORT: 8080 paste.recursive.forward: <paste.recursive.Forwarder from /> paste.recursive.script_name: paste.evalexception: <weberror.evalexception.middleware.EvalException object at 0x8d02d50> wsgi.input: <socket._fileobject object at 0x8d9eb50 length=0> HTTP_HOST: galaxy.research.cchmc.org<http://galaxy.research.cchmc.org> paste.recursive.include_app_iter: <paste.recursive.IncluderAppIter from /> wsgi.multithread: True HTTP_CONFVER: 1 HTTP_CACHE_CONTROL: max-age=0 HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 wsgi.version: (1, 0) HTTP_AUTH_USER: Prakash.Velayutham@cchmc.org<mailto:Prakash.Velayutham@cchmc.org> wsgi.run_once: False wsgi.errors: <galaxy.util.pastescript.serve.LazyWriter object at 0x239db10> wsgi.multiprocess: False HTTP_X_FORWARDED_HOST: galaxy.research.cchmc.org<http://galaxy.research.cchmc.org> HTTP_X_FORWARDED_FOR: 10.199.194.17 CONTENT_TYPE: request_id: 34e3f63274a611e3aaf1005056a84587 paste.httpserver.thread_pool: <paste.httpserver.ThreadPool object at 0x8da5750> ORGINAL_HTTP_HOST: bmigalaxyp1.chmcres.cchmc.org<http://bmigalaxyp1.chmcres.cchmc.org>:8080 HTTP_UID: VELGE9 [srv-galaxy@bmigalaxyp1 galaxy-dist]$ Obviously, I am logging in using HTTP_AUTH_USER, which does exist in the file, but auth is not going forward. Please note that without the recent changes, I was able to change every instance of REMOTE_USER in the source code with AUTH_USER and that worked without issues. Thanks, Prakash On Jan 3, 2014, at 11:45 AM, Nate Coraor <nate@bx.psu.edu<mailto:nate@bx.psu.edu>> wrote: Hi Prakash, This was not previously possible, but I have added a config option for it: https://bitbucket.org/galaxy/galaxy-central/commits/e92e13e9c103cc1f36dff65e... If you're running the stable branch, you can apply the changes from this commit manually. --nate On Thu, Jan 2, 2014 at 11:09 AM, Jennifer Jackson <jen@bx.psu.edu<mailto:jen@bx.psu.edu>> wrote: Hello Prakash, I am going to move this over to the galaxy-dev@bx.psu.edu<mailto:galaxy-dev@bx.psu.edu> mailing list where it will have greater visibility within our development community. Best, Jen Galaxy team https://wiki.galaxyproject.org/MailingLists#The_lists On 1/2/14 7:27 AM, Velayutham, Prakash (Prakash) wrote: Hi, We have a SSO environment provided by Oracle Fusion products and for some reason, they don't like to send over HTTP_REMOTE_USER as a header variable to downstream servers. I have seen it before with other web sites I have integrated with Oracle Access Manager. Is there a way Galaxy can accept another HEADER variable than REMOTE_USER for its external authentication? As an extension: * With just enabling HTTP_REMOTE_USER as a header variable from an external authenticator, Galaxy works without any issues. I tried this with a default Apache/mod_ldap/mod_authnz_ldap setup. * However, when I mix the Oracle gateways into the mix, things break down. * I made OAM send HTTP_AUTH_USER over to Galaxy. * I changed all instances of REMOTE_USER to AUTH_USER in the installed location of Galaxy in my server. * Authentication works fine, but I get issues with HISTORY part of Galaxy (below), when I access a workflow or basically any part of Galaxy that depends on HISTORY Error Traceback: View as: Interactive<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> | Text<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> | XML<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> (full)<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> ⇝ AttributeError: 'NoneType' object has no attribute 'user' URL: http://xxx.xxx.xxx/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False Module weberror.evalexception.middleware:364 in respond <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#>
<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> app_iter = self.application(environ, detect_start_response) Module paste.recursive:84 in __call__ <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> return self.application(environ, start_response) Module galaxy.web.framework.middleware.remoteuser:91 in __call__ <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> return self.app( environ, start_response ) Module paste.httpexceptions:633 in __call__ <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> return self.application(environ, start_response) Module galaxy.web.framework.base:132 in __call__ <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> return self.handle_request( environ, start_response ) Module galaxy.web.framework.base:190 in handle_request <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> body = method( trans, **kwargs ) Module galaxy.web.framework:98 in decorator <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> return func( self, trans, *args, **kwargs ) Module galaxy.webapps.galaxy.controllers.dataset:555 in list <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> status, message = self._copy_datasets( trans, hda_ids, target_histories ) Module galaxy.webapps.galaxy.controllers.dataset:1127 in _copy_datasets <Mail Attachment.jpeg> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> view<https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> <https://galaxy.research.cchmc.org/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False#> if user != history.user: AttributeError: 'NoneType' object has no attribute 'user'
Thanks, Prakash ___________________________________________________________ The Galaxy User list should be used for the discussion of Galaxy analysis and other features on the public server at usegalaxy.org<http://usegalaxy.org/>. Please keep all replies on the list by using "reply all" in your mail client. For discussion of local Galaxy instances and the Galaxy source code, please use the Galaxy Development list: http://lists.bx.psu.edu/listinfo/galaxy-dev To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ -- Jennifer Hillman-Jackson http://galaxyproject.org<http://galaxyproject.org/> ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/