Hi,
I'm currently solving a problem with authentication to FTP service for users of our galaxy server. We've successfully established an authentication via shibboleth behind Nginx (not very easy, but doable :) but that also means that ProFTPD is not working anymore, as it doesn't support SAML authentication. So my question is obvious, I'm looking for an easy and free FTP server with SAML support, can anybody help me with an advice? I've already found CompleteFTP and CrushFTP but both are paid and one is Windows-only allegedly. So how do you - people using external authentication via SAML - do this? Thanks in advance for any kind of useful advice. Best wishes, Martin Demko ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/ |
CrushFTP will support SAML auth only on HTTP transfers not FTP (the actual protocol) tranfers.
SAML is HTTP centric spec, hooking it up to other non-HTTP portocols is diffcult, more info here :
You will not find any single FTP (the actual protocol) server with SAML support. However, you can use HTTP uploader tools that you can hook up more or less easly with SAML (bear in mind that Galaxy needs to have access to files once uploaded which
can add more complexity to the integration with thirdparty upload tools) And since you're down the HTTP uploading path, you may jus stick with Galaxy's own HTTP upload feature.
If you need FTP, your best option, is to connect the ProfFTPD to the LDAP/AD server used by the SAML IdP itself. This setup can only work in a single oragnization (no SAML federation in action)
If you have time, there are many JS libs that you can use to build a custom file uploader (with SAML auth, HTML5 and resuming support) :
(and even in this situation, it will be difficult to handle CLI based upload workflows)
Youssef Ghorbal
Institut Pasteur
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/ |
Dear Youssef,
thank you a lot for your extensive answer. I need to digest this first but I believe it will help a lot. So far, I've just changed the quota for Galaxy upload tool and according to your answer, it looks like the best and easiest option anyway. Best wishes, Martin "Youssef GHORBAL" <[hidden email]> wrote on Tue, 17 Apr 2018 09:33:16 +0000: > > On 16 Apr 2018, at 11:53, Martin Demko <[hidden email]<mailto:[hidden email]>> wrote: > > Hi, > I'm currently solving a problem with authentication to FTP service for users > of > our galaxy server. We've successfully established an authentication via > shibboleth behind Nginx (not very easy, but doable :) but that also means > that > ProFTPD is not working anymore, as it doesn't support SAML > authentication. > > So my question is obvious, I'm looking for an easy and free FTP server with > SAML support, can anybody help me with an advice? I've already found > CompleteFTP and CrushFTP but both are paid and one is Windows-only > allegedly. > So how do you - people using external authentication via SAML - do > this? > > CrushFTP will support SAML auth only on HTTP transfers not FTP (the actual > protocol) tranfers. > SAML is HTTP centric spec, hooking it up to other non-HTTP portocols is > diffcult, more info here : > https://wiki.shibboleth.net/confluence/display/CONCEPT/ECP > http://www.cilogon.org/ws/saml-outside-the-browser > > You will not find any single FTP (the actual protocol) server with SAML > support. However, you can use HTTP uploader tools that you can hook up more > or less easly with SAML (bear in mind that Galaxy needs to have access to > files once uploaded which can add more complexity to the integration with > thirdparty upload tools) And since you're down the HTTP uploading path, you > may jus stick with Galaxy's own HTTP upload feature. > > If you need FTP, your best option, is to connect the ProfFTPD to the > LDAP/AD server used by the SAML IdP itself. This setup can only work in a > single oragnization (no SAML federation in action) > > If you have time, there are many JS libs that you can use to build a custom > file uploader (with SAML auth, HTML5 and resuming support) : > http://www.resumablejs.com > https://tus.io > > (and even in this situation, it will be difficult to handle CLI based > upload workflows) > > Youssef Ghorbal > Institut Pasteur Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/ |
Hi all,
with the 'chunked and resumable uploads' PR in place (https://github.com/galaxyproject/galaxy/pull/5516) the resiliency of the built-in uploader should be pretty high, especially on browser like Chrome. This feature will make it to 18.05 release. M. On Tue, Apr 17, 2018 at 2:20 PM Martin Demko <[hidden email]> wrote: Dear Youssef, ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/ |
Free forum by Nabble | Edit this page |