View markdown source on GitHub

External Authentication

Contributors

Martin Čech, Nicola Soranzo

Questions

Objectives

last_modification Last modification: Apr 6, 2021

Auth Mechanisms supported


Galaxy account


Authentication tweaks

In galaxy.yml:

Speaker Notes https://github.com/martenson/disposable-email-domains


Reverse proxy

In galaxy.yml:

Dedicated Galaxy external auth documentation.


General configuration


Nginx


Example PAM stack


Example nginx.conf

location / {
    auth_pam "Basic Auth Realm Name";
    auth_pam_service_name "nginx";
    ...
    proxy_set_header REMOTE_USER $remote_user; # if using Paste
    uwsgi_param HTTP_REMOTE_USER $remote_user; # if using uWSGI
}

The value of auth_pam_service_name must match the filename of the pam configuration you created in /etc/pam.d/ .

Dedicated Galaxy with Nginx documentation.


Apache httpd

The authentication module (basic authentication, mod_auth_kerb, mod_authnz_ldap, mod_auth_cas, Cosign, etc.) is responsible for providing a username, which we will pass through the proxy to Galaxy as $REMOTE_USER.

In addition to the modules above, mod_headers must be enabled in the Apache config, for some types of authentication.

Dedicated Galaxy with Apache documentation.


Galaxy Authentication Framework

Authenticate to external services directly in Galaxy

Available provider modules for:


Key Points

Thank you!

This material is the result of a collaborative work. Thanks to the Galaxy Training Network and all the contributors! page logo This material is licensed under the Creative Commons Attribution 4.0 International License.