Hi John, I think I found the issue. I had not commented out the "cookie_path" directive which is what caused the HISTORY issues I saw. However, I still would like to know if Galaxy can take something other than REMOTE_USER in the header variable to do external authentication. I would much rather have something done at the Galaxy end than introduce another Apache reverse proxy in the mix which could lead to some potential performance problems down the line. Thanks, Prakash On Jan 3, 2014, at 9:24 AM, John Chilton <chilton@msi.umn.edu> wrote:
Do you have a diff for the Galaxy changes you made? I could provide a second set of eyes to try to figure out if there is something you missed.
I would guess the best way to handle this would to have Apache translate whatever is coming from your Oracle product into a HTTP_REMOTE_USER header - my intuition is that this is possible but I am not Apache expert my configuration is try random things I find on the Internet until one of them works :(.
-John
On Thu, Jan 2, 2014 at 9:34 PM, Velayutham, Prakash (Prakash) <Prakash.Velayutham@cchmc.org> wrote:
Hi,
We have a SSO environment provided by Oracle Fusion products and for some reason, they don't like to send over HTTP_REMOTE_USER as a header variable to downstream servers. I have seen it before with other web sites I have integrated with Oracle Access Manager. Is there a way Galaxy can accept another HEADER variable than REMOTE_USER for its external authentication?
As an extension:
With just enabling HTTP_REMOTE_USER as a header variable from an external authenticator, Galaxy works without any issues. I tried this with a default Apache/mod_ldap/mod_authnz_ldap setup. However, when I mix the Oracle gateways into the mix, things break down. I made OAM send HTTP_AUTH_USER over to Galaxy. I changed all instances of REMOTE_USER to AUTH_USER in the installed location of Galaxy in my server. Authentication works fine, but I get issues with HISTORY part of Galaxy (below), when I access a workflow or basically any part of Galaxy that depends on HISTORY
Error Traceback: View as: Interactive | Text | XML (full) AttributeError: 'NoneType' object has no attribute 'user' URL: http://xxx.xxx.xxx/dataset/list?sort=-update_time&f-name=All&f-tags=All&f-deleted=False Module weberror.evalexception.middleware:364 in respond view
app_iter = self.application(environ, detect_start_response) Module paste.recursive:84 in __call__ view return self.application(environ, start_response) Module galaxy.web.framework.middleware.remoteuser:91 in __call__ view return self.app( environ, start_response ) Module paste.httpexceptions:633 in __call__ view return self.application(environ, start_response) Module galaxy.web.framework.base:132 in __call__ view return self.handle_request( environ, start_response ) Module galaxy.web.framework.base:190 in handle_request view body = method( trans, **kwargs ) Module galaxy.web.framework:98 in decorator view return func( self, trans, *args, **kwargs ) Module galaxy.webapps.galaxy.controllers.dataset:555 in list view status, message = self._copy_datasets( trans, hda_ids, target_histories ) Module galaxy.webapps.galaxy.controllers.dataset:1127 in _copy_datasets view if user != history.user: AttributeError: 'NoneType' object has no attribute 'user'
Thanks, Prakash.
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/