We have an older galaxy installation (uses universe_wsgi.ini config file), that's configured for external user authentication, provided by our Apache proxy setup which uses Shibboleth
to our campus authentication system. This works just fine.
I'm setting up a new galaxy installation, the configuration files are now different, i.e. galaxy.ini, etc., and am having trouble getting the same authentication mechanism to work. I have the same Apache proxy configuration that I do on the old galaxy, and
I've set "use_remote_user = True" in galaxy.ini. When I go to the new galaxy URL, it correctly goes to our Shibbleth authentication screen, but upon returning to galaxy after successful authentication, I get an error "The proxy server received an invalid response
from an upstream server."
I have verified that Shibboleth is returning the same information to both the old galaxy server and the new galaxy server. I believe galaxy is looking for the REMOTE_USER value, which is indeed being provided. In my case it provides:
(REMOTE_USER) mwaldron
(HTTP_REMOTE_USER)
Am I missing something in the galaxy configuration?
Mike Waldron
Systems Specialist
ITS - Research Computing Center
University of North Carolina at Chapel Hill