Eric, Thanks for the response. That made me take a closer look at the apache/shibboleth configuration, and it turns out that adjusting some settings in the shibboleth config fixed the problem. Mike Waldron ________________________________________ From: Eric Rasche [rasche.eric@yandex.ru] Sent: Thursday, January 15, 2015 11:28 AM To: Waldron, Michael H Subject: Re: [galaxy-dev] Configuring external user authentication Hi Mike, On January 15, 2015 1:37:24 PM GMT+00:00, "Waldron, Michael H" <mwaldron@email.unc.edu> wrote:

We have an older galaxy installation (uses universe_wsgi.ini config file), that's configured for external user authentication, provided by our Apache proxy setup which uses Shibboleth to our campus authentication system. This works just fine.

I'm setting up a new galaxy installation, the configuration files are now different, i.e. galaxy.ini, etc., and am having trouble getting the same authentication mechanism to work. I have the same Apache proxy configuration that I do on the old galaxy, and I've set "use_remote_user = True" in galaxy.ini. When I go to the new galaxy URL, it correctly goes to our Shibbleth authentication screen, but upon returning to galaxy after successful authentication, I get an error "The proxy server received an invalid response from an upstream server."

That response sounds like there's something amiss in your apache/nginx conf, not Galaxy. That's not a Galaxy error message if memory serves.

I have verified that Shibboleth is returning the same information to both the old galaxy server and the new galaxy server. I believe galaxy is looking for the REMOTE_USER value, which is indeed being provided. In my case it provides: (REMOTE_USER) mwaldron (HTTP_REMOTE_USER)

If you need to set Galaxy to check a different header, you can set remote_user_header = HTTP_REMOTE_USER

Am I missing something in the galaxy configuration?

Mike Waldron Systems Specialist ITS - Research Computing Center University of North Carolina at Chapel Hill

------------------------------------------------------------------------

___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

Hope that helps, Cheers, Eric -- Sent from my Android device with K-9 Mail. Please excuse my brevity.