Has anyone set up a local toolshed with external authentication? Is this expected to work?
I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication.
If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page.
It would make sense to have the webserver request credentials only for requests to a login page, but I don’t see how to do that.
For now I’ve just turned off remote-auth.
Brad -- Brad Langhorst, Ph.D. Applications and Product Development Scientist
Hi Brad,
If you're using HTTP Auth, that will be the case since HTTP Auth has no notion of sessions, the auth credentials must be provided with every request.
For a more robust solution, you probably want to use an auth filter that creates an authentication session. Penn State uses Cosign for this, but there are other options.
--nate
On Feb 25, 2014, at 17:09, "Langhorst, Brad" Langhorst@neb.com wrote:
Has anyone set up a local toolshed with external authentication? Is this expected to work?
I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication.
If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page.
It would make sense to have the webserver request credentials only for requests to a login page, but I don’t see how to do that.
For now I’ve just turned off remote-auth.
Brad
Brad Langhorst, Ph.D. Applications and Product Development Scientist
Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Hi Nate:
I'll look into an SSO situation...
I assume this works because the front end to the toolshed can check to be sure that the admin requesting installation has an active session with the SSO server.
?
Brad
________________________________ From: Nate Coraor nate@bx.psu.edu Sent: Wednesday, February 26, 2014 9:01 AM To: Langhorst, Brad Cc: galaxy-dev@lists.bx.psu.edu Subject: Re: [galaxy-dev] local toolshed with remote-user=true and require-user=falase
Hi Brad,
If you're using HTTP Auth, that will be the case since HTTP Auth has no notion of sessions, the auth credentials must be provided with every request.
For a more robust solution, you probably want to use an auth filter that creates an authentication session. Penn State uses Cosign for this, but there are other options.
--nate
On Feb 25, 2014, at 17:09, "Langhorst, Brad" <Langhorst@neb.commailto:Langhorst@neb.com> wrote:
Has anyone set up a local toolshed with external authentication? Is this expected to work?
I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication.
If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page.
It would make sense to have the webserver request credentials only for requests to a login page, but I don't see how to do that.
For now I've just turned off remote-auth.
Brad -- Brad Langhorst, Ph.D. Applications and Product Development Scientist
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
galaxy-dev@lists.galaxyproject.org
-
Eric Rasche -
Langhorst, Brad -
Nate Coraor