We are (finally) adding SAML authentication to our Galaxy instance so users can authenticate with EduGain (EU) or InCommon (US). While doing some searching I found an article that says, "Galaxy supports LDAP, SAML and now OIDC (see https://galaxyproject.org/authnz/ <https://galaxyproject.org/authnz/>)." [1] Looking at the release_20.01 code I see lots has changed in respect to authorization (we are still using 19.01 so I am glad I looked), but I don't see anything related to SAML. I am not finding anything in the documentation either. I am missing something or am I looking in the wrong place(s)? I was expecting (hoping) to see a saml.py in /lib/galaxy/auth/providers/ or something similar.
I do have Shibboleth authentication working using Apache and mod_shib in front of Galaxy, but that requires everyone to be able to authenticate and we would still like to allow anonymous access. Ideally users that don't have InCommon/EduGain access would still be able to create local accounts as well. Before I start hacking around trying to create an authentication plugin for Galaxy I wanted to check to see if there was any other ongoing work in the same area. There is an old issue on GitHub [2], but I can't find anything else related. I see the OIDC stuff uses social-auth, which does include a SAML backend. Social-auth just uses the python3-saml package and I already have a simple client that uses python3-saml for authentication so I am hoping a saml plugin will be "Relatively Easy" (TM). Thanks, Keith 1. https://academic.oup.com/bioinformatics/article/36/1/1/5514039 2. https://github.com/galaxyproject/galaxy/issues/3146 ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: %(web_page_url)s To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/
