Sorry, maybe I'm not being clear. Galaxy is listening on http://galaxy.mycompany.com:8080
Users access Galaxy via http://mycompay.com/galaxy If users go to http://galaxy.mycompany.com:8080, they get the External Authentication message. From here I want them to be redirected to http://mycompay.com/galaxy which is where they will be authenticated. Users never see http://galaxy.mycompany.com:8080....they will always see http://mycompay.com/galaxy On Tue, Oct 13, 2015 at 12:36 PM, Eric Rasche <e...@tamu.edu> wrote: > > > On 10/13/2015 11:34 AM, Ryan G wrote: > > We have Apache set up to authenticate users off our LDAP. If they > > authenticate correctly, they are then forwarded on through the proxy. > > So, mod_auth_ldap? Or not? You say "forwarded" so I'm thinking you may > not mean this. > > > > > What I want is to prevent users from hitting the galaxy URL directly. > > If they, do I want to automatically redirect them to the proxy. > > Under mod_auth_ldap this should be done for you. > > (Worst case scenario you could write some mod_rewrite logic that checks > for the remote_user header and returns a 301 if it's missing with the > location of your login page) > > > > > > > On Tue, Oct 13, 2015 at 11:10 AM, Eric Rasche <e...@tamu.edu > > <mailto:e...@tamu.edu>> wrote: > > > > Hi Ryan, > > > > On 10/13/2015 09:50 AM, Ryan G wrote: > > > Hi all - In regards to external user authentication that I have > working > > > now (see thread below). When users try to go to the actual Galaxy > page, > > > they get the message: > > > > > > > > > Access to Galaxy is denied > > > > That's expected for External User Auth if you don't have the > REMOTE_USER > > header set properly. > > > > > > > > Galaxy is configured to authenticate users via an external method > (such > > > as HTTP authentication in Apache), but no shared secret key was > provided > > > by the upstream (proxy) server. > > > > > > Please contact your local Galaxy administrator. The variable > > > |remote_user_secret| and |GX_SECRET| header must be set before you > may > > > access Galaxy. > > > > > > > > > > > > That's fine and all but I'd like to have them redirected to the > real > > > login page. Is there a way to do this? I didn't see anything > obvious > > > and was thinking of adding a parameter to galaxy.ini and have > Galaxy > > > automatically forward them after 5 seconds or so. > > > > What external auth mechanism are you using? > > > > > > > > Ryan > > > > > > > > > On Tue, Oct 13, 2015 at 10:49 AM, Ryan G < > ngsbioinformat...@gmail.com <mailto:ngsbioinformat...@gmail.com> > > > <mailto:ngsbioinformat...@gmail.com <mailto: > ngsbioinformat...@gmail.com>>> > > wrote: > > > > > > Hi all - In regards to external user authentication that I have > > > working now (see thread below). When users try to go to the > actual > > > Galaxy page, they get the message: > > > > > > > > > On Thu, Oct 1, 2015 at 4:10 PM, Ryan G < > ngsbioinformat...@gmail.com <mailto:ngsbioinformat...@gmail.com> > > > <mailto:ngsbioinformat...@gmail.com <mailto: > ngsbioinformat...@gmail.com>>> > > wrote: > > > > > > I finally got around to this and all is working well. I > > > submitted 2 patches to remoteuser.py to assist in debugging > > > incorrect set ups. > > > > > > Last question - When a user logs out, they get the page > ""Access > > > to Galaxy user controls is disabled". I've set the > > > remote_user_logout_href parameter to a different website, > but > > > they still get the "Access to Galaxy user controls is > disabled". > > > > > > I see it in lib/galaxy/webapps/galaxy/controllers/user.py, > but I > > > think at that point its too late. > > > > > > > > > > > > On Tue, Sep 8, 2015 at 4:05 PM, Ryan G > > > <ngsbioinformat...@gmail.com <mailto: > ngsbioinformat...@gmail.com> > > > <mailto:ngsbioinformat...@gmail.com <mailto: > ngsbioinformat...@gmail.com>>> > > wrote: > > > > > > Yes, I have a test server I'm going to check this one. > > > thanks for the link, that's perfect...I'll add some > > > debugging code in here to see what's going on. > > > > > > On Tue, Sep 8, 2015 at 1:46 PM, Dannon Baker > > > <dannon.ba...@gmail.com <mailto:dannon.ba...@gmail.com > > > > <mailto:dannon.ba...@gmail.com <mailto:dannon.ba...@gmail.com>>> > wrote: > > > > > > Do you have a way to verify the "HTTP_MAIL" header > is > > > actually being passed through your proxy server? > > > > > > The problem is that Galaxy still doesn't think it's > > > receiving the expected headers, so there isn't a > good > > > way that it can tell you more about what might be > going > > > on. If you're able to tweak Galaxy (using a test > > > server) and add a few logging statements the code, > this > > > would be good places to check what's going on > (print the > > > `environ` dictionary associated with that request, > along > > > with self.remote_user_header to see what Galaxy is > > > actually trying to use): > > > > > > > https://github.com/galaxyproject/galaxy/blob/dev/lib/galaxy/web/framework/middleware/remoteuser.py#L49 > > > > > > -Dannon > > > > > > On Thu, Sep 3, 2015 at 1:51 PM, Ryan G > > > <ngsbioinformat...@gmail.com <mailto: > ngsbioinformat...@gmail.com> > > > <mailto:ngsbioinformat...@gmail.com <mailto: > ngsbioinformat...@gmail.com>>> > > wrote: > > > > > > It turns out our authentication system passes a > > > header 'HTTP_MAIL' which contains the users > email > > > address. In galaxy.ini, I have > > > > > > use_remote_user = True > > > remote_user_header = HTTP_MAIL > > > > > > After restarting,Galaxy still gives the same > error. > > > > > > On Mon, Aug 31, 2015 at 3:44 PM, Dannon Baker > > > <dannon.ba...@gmail.com <mailto: > dannon.ba...@gmail.com> > > > <mailto:dannon.ba...@gmail.com <mailto: > dannon.ba...@gmail.com>>> wrote: > > > > > > Hi Ryan, > > > > > > It may be that Galaxy is looking for a > different > > > remote user header than your proxy is > setting. > > > I believe by default we look for > > > HTTP_REMOTE_USER, but this is configurable > in > > > galaxy.ini (so, you could set yours to > HTTP_USER > > > there). Let me know if this doesn't sort > it out > > > for you and we can dig deeper! > > > > > > -Dannon > > > > > > On Mon, Aug 31, 2015 at 3:42 PM, Ryan G > > > <ngsbioinformat...@gmail.com <mailto: > ngsbioinformat...@gmail.com> > > > <mailto:ngsbioinformat...@gmail.com > > <mailto:ngsbioinformat...@gmail.com>>> wrote: > > > > > > Hi all - I'm trying to use external > user > > > authentication with Galaxy. The > external > > > authentication passes to Galaxy the > > username > > > with the mail domain at HTTP_USER. > > > > > > In galaxy.ini, I enable: > > > use_remote_user = True > > > > > > > > > When I try to access Galaxy, I get the > > message: > > > Galaxy is configured to authenticate > users > > > via an external method (such as HTTP > > > authentication in Apache), but a > username > > > was not provided by the upstream > (proxy) > > > server. This is generally due to a > > > misconfiguration in the upstream > server. > > > > > > But nothing in paster.log indicating > what > > > the error is. > > > > > > How do I track this down? > > > > > > > > > > > > > > ___________________________________________________________ > > > Please keep all replies on the list by > > using > > > "reply all" > > > in your mail client. To manage your > > > subscriptions to this > > > and other Galaxy lists, please use the > > > interface at: > > > https://lists.galaxyproject.org/ > > > > > > To search Galaxy mailing lists use the > > > unified search at: > > > > > http://galaxyproject.org/search/mailinglists/ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ___________________________________________________________ > > > Please keep all replies on the list by using "reply all" > > > in your mail client. To manage your subscriptions to this > > > and other Galaxy lists, please use the interface at: > > > https://lists.galaxyproject.org/ > > > > > > To search Galaxy mailing lists use the unified search at: > > > http://galaxyproject.org/search/mailinglists/ > > > > > > > -- > > Eric Rasche > > Programmer II > > > > Center for Phage Technology > > Rm 312A, BioBio > > Texas A&M University > > College Station, TX 77843 > > 404-692-2048 <tel:404-692-2048> > > e...@tamu.edu <mailto:e...@tamu.edu> > > ___________________________________________________________ > > Please keep all replies on the list by using "reply all" > > in your mail client. To manage your subscriptions to this > > and other Galaxy lists, please use the interface at: > > https://lists.galaxyproject.org/ > > > > To search Galaxy mailing lists use the unified search at: > > http://galaxyproject.org/search/mailinglists/ > > > > > > -- > Eric Rasche > Programmer II > > Center for Phage Technology > Rm 312A, BioBio > Texas A&M University > College Station, TX 77843 > 404-692-2048 > e...@tamu.edu >
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
