On Jun 20, 2011, at 2:40 PM, Nate Coraor wrote:
Shantanu Pavgi wrote:
> We have a galaxy server setup using external shibboleth authentication. While we
would like to have site behind authentication realm, there are instances when our galaxy
datasets/histories need to be accessible publicly from other websites. We tried adding an
exception to auth rule for /datasets path using Location directive in apache web server
configuration, however galaxy server returned an error as:
> Access to Galaxy is denied
> Galaxy is configured to authenticate users via an external method (such as HTTP
authentication in Apache), but a username was not provided by the upstream (proxy) server.
This is generally due to a misconfiguration in the upstream server.
> Is there any way to share public histories and datasets when galaxy is using external
authentication mechanism? I have thought about setting up (fake) anonymous REMOTE_USER
variable for /datasets path, but not sure whether this is correct approach. Also, would
it require any galaxy code changes? Any thoughts?
That's about all you can do, or modify
lib/galaxy/web/framework/middleware/remoteuser.py to let these
connections through. I would suggest the former solution of setting a
header in Apache, but only set it if the user is not authenticated.
Thanks for the reply Nate. That's helpful.