If you're using HTTP Auth, that will be the case since HTTP Auth has no notion of sessions, the auth credentials must be provided with every request.

For a more robust solution, you probably want to use an auth filter that creates an authentication session. Penn State uses Cosign for this, but there are other options.

On Feb 25, 2014, at 17:09, "Langhorst, Brad" <Langhorst@neb.com> wrote:

Has anyone set up a local toolshed with external authentication?

Is this expected to work?

I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication.

If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page.

It would make sense to have the webserver request credentials only for requests to a login page, but I don’t see how to do that.

For now I’ve just turned off remote-auth.

Brad

Brad Langhorst, Ph.D.

Applications and Product Development Scientist

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/mailinglists/