local toolshed with remote-user=true and require-user=falase

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

local toolshed with remote-user=true and require-user=falase

Langhorst, Brad
Has anyone set up a local toolshed with external authentication?
Is this expected to work?

I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication.

If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page.

It would make sense to have the webserver request credentials only for requests to a login page, but I don’t see how to do that.

For now I’ve just turned off remote-auth.

Brad
--
Brad Langhorst, Ph.D.
Applications and Product Development Scientist


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: local toolshed with remote-user=true and require-user=falase

Eric Rasche
I've set it up with external authentication but haven't tried to pull any tools from it yet...been meaning to get around to that. Good to know it would've failed anyway.
Unfortunately "creds for login page only" is not how HTTP authentication works, so that's out of the question.
 
 
My initial thought was that you'd have to disable authentication on some subpages specific to pulling tools from toolsheds. Before replying I decided to test the following:
 
<Location /toolshed/repos/*/*/>
  Satisfy Any
  Allow from all
</Location>
 
which should work just fine, but it does not.
 
 
Moving on, one alternative I might suggest (and this is a small guess), is to have a specific galaxy user specified in whatever backend you're using for apache auth. Then use that username + password in the URL of the toolshed. e.g.,
 
    <tool_shed name="Local tool shed" url="http://username:[hidden email]/"/>
 
However, I have not tested this and don't know if it would work.  Hope that helps. Please let me know if you find a solution and I'll add it to the wiki.
 
 
Cheers,
Eric
 
 
25.02.2014, 22:15, "Langhorst, Brad" <[hidden email]>:
Has anyone set up a local toolshed with external authentication?
Is this expected to work?
 
I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication.
 
If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page.
 
It would make sense to have the webserver request credentials only for requests to a login page, but I don’t see how to do that.
 
For now I’ve just turned off remote-auth.
 
Brad
--
Brad Langhorst, Ph.D.
Applications and Product Development Scientist
,

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

 
 
Eric Rasche
Programmer II
Center for Phage Technology
Texas A&M Univesity
College Station, TX 77843
Ph: <a href="http://tel:4046922048">4046922048
 
 

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: local toolshed with remote-user=true and require-user=falase

Nate Coraor (nate@bx.psu.edu)
In reply to this post by Langhorst, Brad
Hi Brad,

If you're using HTTP Auth, that will be the case since HTTP Auth has no notion of sessions, the auth credentials must be provided with every request.

For a more robust solution, you probably want to use an auth filter that creates an authentication session. Penn State uses Cosign for this, but there are other options.

--nate

On Feb 25, 2014, at 17:09, "Langhorst, Brad" <[hidden email]> wrote:

Has anyone set up a local toolshed with external authentication?
Is this expected to work?

I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication.

If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page.

It would make sense to have the webserver request credentials only for requests to a login page, but I don’t see how to do that.

For now I’ve just turned off remote-auth.

Brad
--
Brad Langhorst, Ph.D.
Applications and Product Development Scientist

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
Reply | Threaded
Open this post in threaded view
|

Re: local toolshed with remote-user=true and require-user=falase

Langhorst, Brad

Hi Nate:


I'll look into an SSO situation... 

I assume this works because the front end to the toolshed can check to be sure that the admin requesting installation has an active session with the SSO server.


Brad


From: Nate Coraor <[hidden email]>
Sent: Wednesday, February 26, 2014 9:01 AM
To: Langhorst, Brad
Cc: [hidden email]
Subject: Re: [galaxy-dev] local toolshed with remote-user=true and require-user=falase
 
Hi Brad,

If you're using HTTP Auth, that will be the case since HTTP Auth has no notion of sessions, the auth credentials must be provided with every request.

For a more robust solution, you probably want to use an auth filter that creates an authentication session. Penn State uses Cosign for this, but there are other options.

--nate

On Feb 25, 2014, at 17:09, "Langhorst, Brad" <[hidden email]> wrote:

Has anyone set up a local toolshed with external authentication?
Is this expected to work?

I have external auth working, but tools cannot be installed (403 forbidden) unless I turn of authentication.

If i turn on remote-auth, i have to configure the webserver to ask for credentials otherwise i get an error page.

It would make sense to have the webserver request credentials only for requests to a login page, but I don’t see how to do that.

For now I’ve just turned off remote-auth.

Brad
--
Brad Langhorst, Ph.D.
Applications and Product Development Scientist

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
 http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
 http://galaxyproject.org/search/mailinglists/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/