View markdown source on GitHub

External Authentication




last_modification Published: Jan 28, 2019
last_modification Last Updated: Jun 14, 2022

Auth Mechanisms supported

Galaxy account

Authentication tweaks

In galaxy.yml:

Speaker Notes

Reverse proxy

In galaxy.yml:

Dedicated Galaxy external auth documentation.

General configuration


Example PAM stack

Example nginx.conf

location / {
    auth_pam "Basic Auth Realm Name";
    auth_pam_service_name "nginx";
    proxy_set_header REMOTE_USER $remote_user;

The value of auth_pam_service_name must match the filename of the pam configuration you created in /etc/pam.d/ .

Dedicated Galaxy with Nginx documentation.

Apache httpd

The authentication module (basic authentication, mod_auth_kerb, mod_authnz_ldap, mod_auth_cas, Cosign, etc.) is responsible for providing a username, which we will pass through the proxy to Galaxy as $REMOTE_USER.

In addition to the modules above, mod_headers must be enabled in the Apache config, for some types of authentication.

Dedicated Galaxy with Apache documentation.

Galaxy Authentication Framework

Authenticate to external services directly in Galaxy

Available provider modules for:

Key Points

Thank you!

This material is the result of a collaborative work. Thanks to the Galaxy Training Network and all the contributors! page logo Tutorial Content is licensed under Creative Commons Attribution 4.0 International License.