Eric,
Thanks for the response. That made me take a closer look at the apache/shibboleth
configuration, and it turns out that adjusting some settings in the shibboleth config
fixed the problem.
Mike Waldron
________________________________________
From: Eric Rasche [rasche.eric(a)yandex.ru]
Sent: Thursday, January 15, 2015 11:28 AM
To: Waldron, Michael H
Subject: Re: [galaxy-dev] Configuring external user authentication
Hi Mike,

On January 15, 2015 1:37:24 PM GMT+00:00, "Waldron, Michael H"
<mwaldron(a)email.unc.edu> wrote:
> We have an older galaxy installation (uses universe_wsgi.ini config
> file), that's configured for external user authentication, provided by
> our Apache proxy setup which uses Shibboleth to our campus
> authentication system. This works just fine.
> I'm setting up a new galaxy installation, the configuration files are
> now different, i.e. galaxy.ini, etc., and am having trouble getting the
> same authentication mechanism to work. I have the same Apache proxy
> configuration that I do on the old galaxy, and I've set
> "use_remote_user = True" in galaxy.ini. When I go to the new galaxy
> URL, it correctly goes to our Shibboleth authentication screen, but upon
> returning to galaxy after successful authentication, I get an error
> "The proxy server received an invalid response from an upstream
> server."

That response sounds like there's something amiss in your apache/nginx conf, not
Galaxy. That's not a Galaxy error message if memory serves.

> I have verified that Shibboleth is returning the same information to
> both the old galaxy server and the new galaxy server. I believe galaxy
> is looking for the REMOTE_USER value, which is indeed being provided.
> In my case it provides:
> (REMOTE_USER) mwaldron
> (HTTP_REMOTE_USER)

If you need to set Galaxy to check a different header, you can set
remote_user_header = HTTP_REMOTE_USER

> Am I missing something in the galaxy configuration?
> Mike Waldron
> Systems Specialist
> ITS - Research Computing Center
> University of North Carolina at Chapel Hill

Hope that helps,
Cheers,
Eric