Sadly, providing an authenticator in galaxy/auth/providers does not look like it will not
work for SAML authentication since the authenticator is invoked after the user has already
been prompted for a username and password. Rather it looks like I will need to use the
approach used for OpenID authentication and described at
Does the Galaxy team have any plans to modularize third-party authenticators such as
OpenID, SAML, OAuth2 etc? If we do implement this it would be nice to do it in such a way
that would help Galaxy move towards that goal.
On Feb 27, 2017, at 12:55 PM, Björn Grüning
This all seems correct and I own you so many beers if you get this
Am 27.02.2017 um 18:34 schrieb Keith Suderman:
> Is anyone using SAML for authentication? There is a feature request for
> SAML support on GitHub (
), but it doesn't
> look like any work has been done.
> We need to add the ability for our users to authenticate with a SAML
> identity provider (IdP), in particular with InCommon/EduRoam/EduCause et
> al. Looking at the documentation there appears to be "the old way"
> (configuring Apache/Nginx to do the authentication) and "the new way"
> where Galaxy handles the authentication. Is it correct to assume that
> to use the new way I should implement an external authenticator,
> something like galaxy/auth/providers/saml.py and then some sort of magic
> to get a config/auth_conf.xml working?
> I just want to make sure I am heading down the correct path before
> investing too much time.
> - Keith
> Keith Suderman
> Research Associate
> Department of Computer Science
> Vassar College, Poughkeepsie NY
> suderman(a)cs.vassar.edu <mailto:firstname.lastname@example.org>
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> To search Galaxy mailing lists use the unified search at:
Department of Computer Science
Vassar College, Poughkeepsie NY