View markdown source on GitHub

External Authentication


AvatarMartin Čech AvatarNicola Soranzo



last_modification Last modification: Apr 6, 2021

Auth Mechanisms supported

Galaxy account

Authentication tweaks

In galaxy.yml:

Speaker Notes

Reverse proxy

In galaxy.yml:

Dedicated Galaxy external auth documentation.

General configuration


Example PAM stack

Example nginx.conf

location / {
    auth_pam "Basic Auth Realm Name";
    auth_pam_service_name "nginx";
    proxy_set_header REMOTE_USER $remote_user; # if using Paste
    uwsgi_param HTTP_REMOTE_USER $remote_user; # if using uWSGI

The value of auth_pam_service_name must match the filename of the pam configuration you created in /etc/pam.d/ .

Dedicated Galaxy with Nginx documentation.

Apache httpd

The authentication module (basic authentication, mod_auth_kerb, mod_authnz_ldap, mod_auth_cas, Cosign, etc.) is responsible for providing a username, which we will pass through the proxy to Galaxy as $REMOTE_USER.

In addition to the modules above, mod_headers must be enabled in the Apache config, for some types of authentication.

Dedicated Galaxy with Apache documentation.

Galaxy Authentication Framework

Authenticate to external services directly in Galaxy

Available provider modules for:

Key Points

Thank you!

This material is the result of a collaborative work. Thanks to the Galaxy Training Network and all the contributors! page logo This material is licensed under the Creative Commons Attribution 4.0 International License.