LDAP - remote_user - Apollo v3

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

LDAP - remote_user - Apollo v3

Alexie Papanicolaou

Hey guys

 

I hope I’ve done a really simple error but it’s taken me too many hours to figure out how to implement Remote_user with LDAP in the webapollo v3 branch (worked fine before)

 

None of these work

(NB: the {}s is because I use SSL, which the apollo docs don’t use – but really should use SSL!)

 

#not work       RequestHeader set REMOTE_USER %{REMOTE_USER}s

#not work       RequestHeader set Remote_User    "expr=%{REMOTE_USER}"

#not work       RequestHeader set Remote_User %{REMOTE_USER}s

#prints good        Header set print1 %{REMOTE_USER}s

#prints good        Header set print2 "expr=%{REMOTE_USER}"

 

After successfully authenticating, I keep getting the login form.

Any idea what’s the right block or how I could debug it?

 

The Debug logs do not offer anything I can see.

 

The user (email address $i) was created with arrow:

 randomPass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)

  arrow -a gpi users create_user --role user --metadata '{"INTERNAL_PASSWORD":"'$randomPass'"}' $i REMOTE_USER $i $randomPass

  arrow -a gpi users add_to_group $APOLLO_GR $i

 

 

My apollo config is using remote auth…

 

Log files are available upon request via email.

a

 

--
NB I work weird hours. If you receive an email from me, I don’t expect you to reply during your off-hours.

 

 

 

--
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: LDAP - remote_user - Apollo v3

Alexie Papanicolaou
This is the relevant apollo from the syslog after failing to authenticate with remote_user using the following logging:

    debug 'org.bbop.apollo'
    trace 'org.hibernate.type'
    debug 'org.hibernate.SQL'
    debug 'grails.app'
    info 'grails.app.controllers.org.bbop.apollo.GroupController'
    debug 'grails.app.controllers.org.bbop.apollo.UserController'
    debug 'grails.app.controllers'
    debug 'grails.app.services'

Dec 21 14:57:04 cory tomcat9[1861087]: 2020-12-21 14:57:04,538 [catalina-exec-8] DEBUG apollo.AnnotatorController  - loading the index
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - PS: getCurrentOrganismForCurrentUser 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - found organism in session null so returning
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] WARN  apollo.PreferenceService  - No user present, so using the client token
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - token for org 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - is NOT long
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] DEBUG hibernate.SQL  - select this_.id as id1_56_0_, this_.version as version2_56_0_, this_.abbreviation as abbrevia3_56_0_, this_.blatdb as blatdb4_56_0_, this_.comment as comment5_56_0_, this_.common_name as common_n6_56_0_, this_.data_added_via_web_services as data_add7_56_0_, this_.directory as director8_56_0_, this_.genome_fasta as genome_f9_56_0_, this_.genome_fasta_index as genome_10_56_0_, this_.genus as genus11_56_0_, this_.metadata as metadat12_56_0_, this_.non_default_translation_table as non_def13_56_0_, this_.obsolete as obsolet14_56_0_, this_.official_gene_set_track as officia15_56_0_, this_.public_mode as public_16_56_0_, this_.species as species17_56_0_, this_.valid as valid18_56_0_ from organism this_ where this_.common_name=? limit ?
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - [1000343939715597398435803707]
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,344 [catalina-exec-9] DEBUG apollo.PermissionService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,346 [catalina-exec-8] DEBUG apollo.AnnotationEditorController  - getSequenceSearchTools null
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Evaluating saves: true
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Saving with time diff: 523990
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] WARN  apollo.PermissionService  - Failed to authenticate user
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,398 [catalina-exec-6] DEBUG hibernate.SQL  - select count(*) as y0_ from grails_user this_
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,399 [catalina-exec-6] TRACE sql.BasicExtractor  - extracted value ([y0_] : [BIGINT]) - [7]

Would have been great to have more debug info for the bold line above (e.g. which user) but there is none even if i set that particular service to trace.

I saved the response header and can see that it is passed correctly. Authentications is also correct:

authentications = [
        ["name":"Remote User Authenticator",
         "className":"remoteUserAuthenticatorService",
         "active":true,
         "params":["default_group": "remote_users"],
        ]
        ,
        ["name":"Username Password Authenticator",
         "className":"usernamePasswordAuthenticatorService",
         "active":true,
        ]
      ]

Has anyone gotten Remote_user to work with apollo 3x?

ta
a



On Mon, 21 Dec 2020 at 11:53, Alexie Papanicolaou <[hidden email]> wrote:

Hey guys

 

I hope I’ve done a really simple error but it’s taken me too many hours to figure out how to implement Remote_user with LDAP in the webapollo v3 branch (worked fine before)

 

None of these work

(NB: the {}s is because I use SSL, which the apollo docs don’t use – but really should use SSL!)

 

#not work       RequestHeader set REMOTE_USER %{REMOTE_USER}s

#not work       RequestHeader set Remote_User    "expr=%{REMOTE_USER}"

#not work       RequestHeader set Remote_User %{REMOTE_USER}s

#prints good        Header set print1 %{REMOTE_USER}s

#prints good        Header set print2 "expr=%{REMOTE_USER}"

 

After successfully authenticating, I keep getting the login form.

Any idea what’s the right block or how I could debug it?

 

The Debug logs do not offer anything I can see.

 

The user (email address $i) was created with arrow:

 randomPass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)

  arrow -a gpi users create_user --role user --metadata '{"INTERNAL_PASSWORD":"'$randomPass'"}' $i REMOTE_USER $i $randomPass

  arrow -a gpi users add_to_group $APOLLO_GR $i

 

 

My apollo config is using remote auth…

 

Log files are available upon request via email.

a

 

--
NB I work weird hours. If you receive an email from me, I don’t expect you to reply during your off-hours.

 

 

 

--
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: LDAP - remote_user - Apollo v3

Alexie Papanicolaou

So

 

I printed some extra debug sentences and it seems it never gets to the remote authentication, see bold:

 

 

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,766 [catalina-exec-4] DEBUG apollo.PermissionService  - authenetications: <[hidden email]>

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - this authenetication: <[hidden email]>

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - this authenetication: <[hidden email]>

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - authentication class is now usernamePasswordAuthenticatorService .

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,788 [catalina-exec-4] DEBUG apollo.PermissionService  - authentication of type Username Password Authenticator with user null and pass null .

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,793 [catalina-exec-4] WARN  apollo.PermissionService  - Failed to authenticate user

 

The apollo-config.groovy is

 

apollo{

      authentications = [

        ["name":"Remote User Authenticator",

         "className":"remoteUserAuthenticatorService",

         "active":true,

         "params":["default_group": "remote_users"],

        ]

        ,

        ["name":"Username Password Authenticator",

         "className":"usernamePasswordAuthenticatorService",

         "active":true,

        ]

      ]

 

I also confirmed this under webapps/apollo/WEB-INF/classes

 

I then looked at the grails-app/conf/Config.groovy

 

apollo{

    authentications = [

            ["name"     : "Remote User Authenticator",

             "className": "remoteUserAuthenticatorService",

             "active"   : false, # set this as true

            ],

            ["name"     : "Username Password Authenticator",

             "className": "usernamePasswordAuthenticatorService",

             "active"   : true,

            ]

    ]

 


When I  grails-app/conf/Config.groovy directly, then everything works fine.


So the issue lies with how the config  apollo-config.groovy is merged (or not in this case) with grails-app/conf/Config.groovy 

a




On Mon, 21 Dec 2020 at 15:10, Alexie Papanicolaou <[hidden email]> wrote:
This is the relevant apollo from the syslog after failing to authenticate with remote_user using the following logging:

    debug 'org.bbop.apollo'
    trace 'org.hibernate.type'
    debug 'org.hibernate.SQL'
    debug 'grails.app'
    info 'grails.app.controllers.org.bbop.apollo.GroupController'
    debug 'grails.app.controllers.org.bbop.apollo.UserController'
    debug 'grails.app.controllers'
    debug 'grails.app.services'

Dec 21 14:57:04 cory tomcat9[1861087]: 2020-12-21 14:57:04,538 [catalina-exec-8] DEBUG apollo.AnnotatorController  - loading the index
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - PS: getCurrentOrganismForCurrentUser 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - found organism in session null so returning
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] WARN  apollo.PreferenceService  - No user present, so using the client token
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - token for org 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - is NOT long
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] DEBUG hibernate.SQL  - select this_.id as id1_56_0_, this_.version as version2_56_0_, this_.abbreviation as abbrevia3_56_0_, this_.blatdb as blatdb4_56_0_, this_.comment as comment5_56_0_, this_.common_name as common_n6_56_0_, this_.data_added_via_web_services as data_add7_56_0_, this_.directory as director8_56_0_, this_.genome_fasta as genome_f9_56_0_, this_.genome_fasta_index as genome_10_56_0_, this_.genus as genus11_56_0_, this_.metadata as metadat12_56_0_, this_.non_default_translation_table as non_def13_56_0_, this_.obsolete as obsolet14_56_0_, this_.official_gene_set_track as officia15_56_0_, this_.public_mode as public_16_56_0_, this_.species as species17_56_0_, this_.valid as valid18_56_0_ from organism this_ where this_.common_name=? limit ?
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - [1000343939715597398435803707]
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,344 [catalina-exec-9] DEBUG apollo.PermissionService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,346 [catalina-exec-8] DEBUG apollo.AnnotationEditorController  - getSequenceSearchTools null
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Evaluating saves: true
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Saving with time diff: 523990
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] WARN  apollo.PermissionService  - Failed to authenticate user
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,398 [catalina-exec-6] DEBUG hibernate.SQL  - select count(*) as y0_ from grails_user this_
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,399 [catalina-exec-6] TRACE sql.BasicExtractor  - extracted value ([y0_] : [BIGINT]) - [7]

Would have been great to have more debug info for the bold line above (e.g. which user) but there is none even if i set that particular service to trace.

I saved the response header and can see that it is passed correctly. Authentications is also correct:

authentications = [
        ["name":"Remote User Authenticator",
         "className":"remoteUserAuthenticatorService",
         "active":true,
         "params":["default_group": "remote_users"],
        ]
        ,
        ["name":"Username Password Authenticator",
         "className":"usernamePasswordAuthenticatorService",
         "active":true,
        ]
      ]

Has anyone gotten Remote_user to work with apollo 3x?

ta
a



On Mon, 21 Dec 2020 at 11:53, Alexie Papanicolaou <[hidden email]> wrote:

Hey guys

 

I hope I’ve done a really simple error but it’s taken me too many hours to figure out how to implement Remote_user with LDAP in the webapollo v3 branch (worked fine before)

 

None of these work

(NB: the {}s is because I use SSL, which the apollo docs don’t use – but really should use SSL!)

 

#not work       RequestHeader set REMOTE_USER %{REMOTE_USER}s

#not work       RequestHeader set Remote_User    "expr=%{REMOTE_USER}"

#not work       RequestHeader set Remote_User %{REMOTE_USER}s

#prints good        Header set print1 %{REMOTE_USER}s

#prints good        Header set print2 "expr=%{REMOTE_USER}"

 

After successfully authenticating, I keep getting the login form.

Any idea what’s the right block or how I could debug it?

 

The Debug logs do not offer anything I can see.

 

The user (email address $i) was created with arrow:

 randomPass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)

  arrow -a gpi users create_user --role user --metadata '{"INTERNAL_PASSWORD":"'$randomPass'"}' $i REMOTE_USER $i $randomPass

  arrow -a gpi users add_to_group $APOLLO_GR $i

 

 

My apollo config is using remote auth…

 

Log files are available upon request via email.

a

 

--
NB I work weird hours. If you receive an email from me, I don’t expect you to reply during your off-hours.

 

 

 

--
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: LDAP - remote_user - Apollo v3

Alexie Papanicolaou
and finally...

I think this was causing the (silent) fail:

blat_prot {
        search_exe = "/usr/local/bin/blat"
        search_class = "org.bbop.apollo.sequence.search.blat.BlatCommandLineProteinToNucleotide"
        name = "Blat protein to nucleotide"
        params = ""
        tmp_dir : "/scratch_cory/sysadmin/tomcat/gpi/work/Catalina/curations.stressedfruitfly.com/apollo/blat"
    }

the tmp_dir should have been =
As a result the next block was not working...

would have been awesome to have a way for viewing all the configuration variables within the webapollo... (e.g. a report under admin)....

a


On Mon, 21 Dec 2020 at 16:54, Alexie Papanicolaou <[hidden email]> wrote:

So

 

I printed some extra debug sentences and it seems it never gets to the remote authentication, see bold:

 

 

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,766 [catalina-exec-4] DEBUG apollo.PermissionService  - authenetications: <[hidden email]>

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - this authenetication: <[hidden email]>

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - this authenetication: <[hidden email]>

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - authentication class is now usernamePasswordAuthenticatorService .

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,788 [catalina-exec-4] DEBUG apollo.PermissionService  - authentication of type Username Password Authenticator with user null and pass null .

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,793 [catalina-exec-4] WARN  apollo.PermissionService  - Failed to authenticate user

 

The apollo-config.groovy is

 

apollo{

      authentications = [

        ["name":"Remote User Authenticator",

         "className":"remoteUserAuthenticatorService",

         "active":true,

         "params":["default_group": "remote_users"],

        ]

        ,

        ["name":"Username Password Authenticator",

         "className":"usernamePasswordAuthenticatorService",

         "active":true,

        ]

      ]

 

I also confirmed this under webapps/apollo/WEB-INF/classes

 

I then looked at the grails-app/conf/Config.groovy

 

apollo{

    authentications = [

            ["name"     : "Remote User Authenticator",

             "className": "remoteUserAuthenticatorService",

             "active"   : false, # set this as true

            ],

            ["name"     : "Username Password Authenticator",

             "className": "usernamePasswordAuthenticatorService",

             "active"   : true,

            ]

    ]

 


When I  grails-app/conf/Config.groovy directly, then everything works fine.


So the issue lies with how the config  apollo-config.groovy is merged (or not in this case) with grails-app/conf/Config.groovy 

a




On Mon, 21 Dec 2020 at 15:10, Alexie Papanicolaou <[hidden email]> wrote:
This is the relevant apollo from the syslog after failing to authenticate with remote_user using the following logging:

    debug 'org.bbop.apollo'
    trace 'org.hibernate.type'
    debug 'org.hibernate.SQL'
    debug 'grails.app'
    info 'grails.app.controllers.org.bbop.apollo.GroupController'
    debug 'grails.app.controllers.org.bbop.apollo.UserController'
    debug 'grails.app.controllers'
    debug 'grails.app.services'

Dec 21 14:57:04 cory tomcat9[1861087]: 2020-12-21 14:57:04,538 [catalina-exec-8] DEBUG apollo.AnnotatorController  - loading the index
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - PS: getCurrentOrganismForCurrentUser 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - found organism in session null so returning
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] WARN  apollo.PreferenceService  - No user present, so using the client token
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - token for org 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - is NOT long
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] DEBUG hibernate.SQL  - select this_.id as id1_56_0_, this_.version as version2_56_0_, this_.abbreviation as abbrevia3_56_0_, this_.blatdb as blatdb4_56_0_, this_.comment as comment5_56_0_, this_.common_name as common_n6_56_0_, this_.data_added_via_web_services as data_add7_56_0_, this_.directory as director8_56_0_, this_.genome_fasta as genome_f9_56_0_, this_.genome_fasta_index as genome_10_56_0_, this_.genus as genus11_56_0_, this_.metadata as metadat12_56_0_, this_.non_default_translation_table as non_def13_56_0_, this_.obsolete as obsolet14_56_0_, this_.official_gene_set_track as officia15_56_0_, this_.public_mode as public_16_56_0_, this_.species as species17_56_0_, this_.valid as valid18_56_0_ from organism this_ where this_.common_name=? limit ?
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - [1000343939715597398435803707]
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,344 [catalina-exec-9] DEBUG apollo.PermissionService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,346 [catalina-exec-8] DEBUG apollo.AnnotationEditorController  - getSequenceSearchTools null
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Evaluating saves: true
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Saving with time diff: 523990
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] WARN  apollo.PermissionService  - Failed to authenticate user
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,398 [catalina-exec-6] DEBUG hibernate.SQL  - select count(*) as y0_ from grails_user this_
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,399 [catalina-exec-6] TRACE sql.BasicExtractor  - extracted value ([y0_] : [BIGINT]) - [7]

Would have been great to have more debug info for the bold line above (e.g. which user) but there is none even if i set that particular service to trace.

I saved the response header and can see that it is passed correctly. Authentications is also correct:

authentications = [
        ["name":"Remote User Authenticator",
         "className":"remoteUserAuthenticatorService",
         "active":true,
         "params":["default_group": "remote_users"],
        ]
        ,
        ["name":"Username Password Authenticator",
         "className":"usernamePasswordAuthenticatorService",
         "active":true,
        ]
      ]

Has anyone gotten Remote_user to work with apollo 3x?

ta
a



On Mon, 21 Dec 2020 at 11:53, Alexie Papanicolaou <[hidden email]> wrote:

Hey guys

 

I hope I’ve done a really simple error but it’s taken me too many hours to figure out how to implement Remote_user with LDAP in the webapollo v3 branch (worked fine before)

 

None of these work

(NB: the {}s is because I use SSL, which the apollo docs don’t use – but really should use SSL!)

 

#not work       RequestHeader set REMOTE_USER %{REMOTE_USER}s

#not work       RequestHeader set Remote_User    "expr=%{REMOTE_USER}"

#not work       RequestHeader set Remote_User %{REMOTE_USER}s

#prints good        Header set print1 %{REMOTE_USER}s

#prints good        Header set print2 "expr=%{REMOTE_USER}"

 

After successfully authenticating, I keep getting the login form.

Any idea what’s the right block or how I could debug it?

 

The Debug logs do not offer anything I can see.

 

The user (email address $i) was created with arrow:

 randomPass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)

  arrow -a gpi users create_user --role user --metadata '{"INTERNAL_PASSWORD":"'$randomPass'"}' $i REMOTE_USER $i $randomPass

  arrow -a gpi users add_to_group $APOLLO_GR $i

 

 

My apollo config is using remote auth…

 

Log files are available upon request via email.

a

 

--
NB I work weird hours. If you receive an email from me, I don’t expect you to reply during your off-hours.

 

 

 

--
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: LDAP - remote_user - Apollo v3

nathandunn

Thanks for catching that.  I agree, knowing the final configs would be very helpful and I’ll get a fix in for it with doc:


I’ll try to address that when I’m back from break (though anyone else feel free to go wild). 

Nathan



On Dec 21, 2020, at 12:14 AM, Alexie Papanicolaou <[hidden email]> wrote:

and finally...

I think this was causing the (silent) fail:

blat_prot {
        search_exe = "/usr/local/bin/blat"
        search_class = "org.bbop.apollo.sequence.search.blat.BlatCommandLineProteinToNucleotide"
        name = "Blat protein to nucleotide"
        params = ""
        tmp_dir : "/scratch_cory/sysadmin/tomcat/gpi/work/Catalina/curations.stressedfruitfly.com/apollo/blat"
    }

the tmp_dir should have been =
As a result the next block was not working...

would have been awesome to have a way for viewing all the configuration variables within the webapollo... (e.g. a report under admin)....

a


On Mon, 21 Dec 2020 at 16:54, Alexie Papanicolaou <[hidden email]> wrote:
So

 

I printed some extra debug sentences and it seems it never gets to the remote authentication, see bold:

 

 

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,766 [catalina-exec-4] DEBUG apollo.PermissionService  - authenetications: <[hidden email]>
Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - this authenetication: <[hidden email]>
Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - this authenetication: <[hidden email]>
Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - authentication class is now usernamePasswordAuthenticatorService .
Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,788 [catalina-exec-4] DEBUG apollo.PermissionService  - authentication of type Username Password Authenticator with user null and pass null .
Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,793 [catalina-exec-4] WARN  apollo.PermissionService  - Failed to authenticate user

 

The apollo-config.groovy is

 

apollo{
      authentications = [
        ["name":"Remote User Authenticator",
         "className":"remoteUserAuthenticatorService",
         "active":true,
         "params":["default_group": "remote_users"],
        ]
        ,
        ["name":"Username Password Authenticator",
         "className":"usernamePasswordAuthenticatorService",
         "active":true,
        ]
      ]

 

I also confirmed this under webapps/apollo/WEB-INF/classes

 

I then looked at the grails-app/conf/Config.groovy

 

apollo{
    authentications = [
            ["name"     : "Remote User Authenticator",
             "className": "remoteUserAuthenticatorService",
             "active"   : false, # set this as true
            ],
            ["name"     : "Username Password Authenticator",
             "className": "usernamePasswordAuthenticatorService",
             "active"   : true,
            ]
    ]

 


When I  grails-app/conf/Config.groovy directly, then everything works fine.

So the issue lies with how the config  apollo-config.groovy is merged (or not in this case) with grails-app/conf/Config.groovy 
a



On Mon, 21 Dec 2020 at 15:10, Alexie Papanicolaou <[hidden email]> wrote:
This is the relevant apollo from the syslog after failing to authenticate with remote_user using the following logging:

    debug 'org.bbop.apollo'
    trace 'org.hibernate.type'
    debug 'org.hibernate.SQL'
    debug 'grails.app'
    info 'grails.app.controllers.org.bbop.apollo.GroupController'
    debug 'grails.app.controllers.org.bbop.apollo.UserController'
    debug 'grails.app.controllers'
    debug 'grails.app.services'

Dec 21 14:57:04 cory tomcat9[1861087]: 2020-12-21 14:57:04,538 [catalina-exec-8] DEBUG apollo.AnnotatorController  - loading the index
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - PS: getCurrentOrganismForCurrentUser 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - found organism in session null so returning
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] WARN  apollo.PreferenceService  - No user present, so using the client token
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - token for org 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - is NOT long
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] DEBUG hibernate.SQL  - select this_.id as id1_56_0_, this_.version as version2_56_0_, this_.abbreviation as abbrevia3_56_0_, this_.blatdb as blatdb4_56_0_, this_.comment as comment5_56_0_, this_.common_name as common_n6_56_0_, this_.data_added_via_web_services as data_add7_56_0_, this_.directory as director8_56_0_, this_.genome_fasta as genome_f9_56_0_, this_.genome_fasta_index as genome_10_56_0_, this_.genus as genus11_56_0_, this_.metadata as metadat12_56_0_, this_.non_default_translation_table as non_def13_56_0_, this_.obsolete as obsolet14_56_0_, this_.official_gene_set_track as officia15_56_0_, this_.public_mode as public_16_56_0_, this_.species as species17_56_0_, this_.valid as valid18_56_0_ from organism this_ where this_.common_name=? limit ?
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - [1000343939715597398435803707]
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,344 [catalina-exec-9] DEBUG apollo.PermissionService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,346 [catalina-exec-8] DEBUG apollo.AnnotationEditorController  - getSequenceSearchTools null
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Evaluating saves: true
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Saving with time diff: 523990
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] WARN  apollo.PermissionService  - Failed to authenticate user
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,398 [catalina-exec-6] DEBUG hibernate.SQL  - select count(*) as y0_ from grails_user this_
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,399 [catalina-exec-6] TRACE sql.BasicExtractor  - extracted value ([y0_] : [BIGINT]) - [7]

Would have been great to have more debug info for the bold line above (e.g. which user) but there is none even if i set that particular service to trace.

I saved the response header and can see that it is passed correctly. Authentications is also correct:

authentications = [
        ["name":"Remote User Authenticator",
         "className":"remoteUserAuthenticatorService",
         "active":true,
         "params":["default_group": "remote_users"],
        ]
        ,
        ["name":"Username Password Authenticator",
         "className":"usernamePasswordAuthenticatorService",
         "active":true,
        ]
      ]

Has anyone gotten Remote_user to work with apollo 3x?

ta
a



On Mon, 21 Dec 2020 at 11:53, Alexie Papanicolaou <[hidden email]> wrote:
Hey guys

 

I hope I’ve done a really simple error but it’s taken me too many hours to figure out how to implement Remote_user with LDAP in the webapollo v3 branch (worked fine before)

 

None of these work
(NB: the {}s is because I use SSL, which the apollo docs don’t use – but really should use SSL!)

 

#not work       RequestHeader set REMOTE_USER %{REMOTE_USER}s
#not work       RequestHeader set Remote_User    "expr=%{REMOTE_USER}"
#not work       RequestHeader set Remote_User %{REMOTE_USER}s
#prints good        Header set print1 %{REMOTE_USER}s
#prints good        Header set print2 "expr=%{REMOTE_USER}"

 

After successfully authenticating, I keep getting the login form.
Any idea what’s the right block or how I could debug it?

 

The Debug logs do not offer anything I can see.

 

The user (email address $i) was created with arrow:
 randomPass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
  arrow -a gpi users create_user --role user --metadata '{"INTERNAL_PASSWORD":"'$randomPass'"}' $i REMOTE_USER $i $randomPass
  arrow -a gpi users add_to_group $APOLLO_GR $i

 

 

My apollo config is using remote auth…

 

Log files are available upon request via email.
a

 

--
NB I work weird hours. If you receive an email from me, I don’t expect you to reply during your off-hours.
 

 

 


--
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: LDAP - remote_user - Apollo v3

nathandunn
I've added the resolved config to `systemInfo` page (via the admin panel) in the develop / default branch.  Thanks for requesting. 

On Monday, December 21, 2020 at 8:39:21 AM UTC-8 Nathan Dunn wrote:

Thanks for catching that.  I agree, knowing the final configs would be very helpful and I’ll get a fix in for it with doc:


I’ll try to address that when I’m back from break (though anyone else feel free to go wild). 

Nathan



On Dec 21, 2020, at 12:14 AM, Alexie Papanicolaou <[hidden email]> wrote:

and finally...

I think this was causing the (silent) fail:

blat_prot {
        search_exe = "/usr/local/bin/blat"
        search_class = "org.bbop.apollo.sequence.search.blat.BlatCommandLineProteinToNucleotide"
        name = "Blat protein to nucleotide"
        params = ""
        tmp_dir : "/scratch_cory/sysadmin/tomcat/gpi/work/Catalina/curations.stressedfruitfly.com/apollo/blat"
    }

the tmp_dir should have been =
As a result the next block was not working...

would have been awesome to have a way for viewing all the configuration variables within the webapollo... (e.g. a report under admin)....

a


On Mon, 21 Dec 2020 at 16:54, Alexie Papanicolaou <[hidden email]> wrote:
So

 

I printed some extra debug sentences and it seems it never gets to the remote authentication, see bold:

 

 

Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,767 [catalina-exec-4] DEBUG apollo.PermissionService  - authentication class is now usernamePasswordAuthenticatorService .
Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,788 [catalina-exec-4] DEBUG apollo.PermissionService  - authentication of type Username Password Authenticator with user null and pass null .
Dec 21 16:18:34 cory tomcat9[1892817]: 2020-12-21 16:18:34,793 [catalina-exec-4] WARN  apollo.PermissionService  - Failed to authenticate user

 

The apollo-config.groovy is

 

apollo{
      authentications = [
        ["name":"Remote User Authenticator",
         "className":"remoteUserAuthenticatorService",
         "active":true,
         "params":["default_group": "remote_users"],
        ]
        ,
        ["name":"Username Password Authenticator",
         "className":"usernamePasswordAuthenticatorService",
         "active":true,
        ]
      ]

 

I also confirmed this under webapps/apollo/WEB-INF/classes

 

I then looked at the grails-app/conf/Config.groovy

 

apollo{
    authentications = [
            ["name"     : "Remote User Authenticator",
             "className": "remoteUserAuthenticatorService",
             "active"   : false, # set this as true
            ],
            ["name"     : "Username Password Authenticator",
             "className": "usernamePasswordAuthenticatorService",
             "active"   : true,
            ]
    ]

 


When I  grails-app/conf/Config.groovy directly, then everything works fine.

So the issue lies with how the config  apollo-config.groovy is merged (or not in this case) with grails-app/conf/Config.groovy 
a



On Mon, 21 Dec 2020 at 15:10, Alexie Papanicolaou <[hidden email]> wrote:
This is the relevant apollo from the syslog after failing to authenticate with remote_user using the following logging:

    debug 'org.bbop.apollo'
    trace 'org.hibernate.type'
    debug 'org.hibernate.SQL'
    debug 'grails.app'
    info 'grails.app.controllers.org.bbop.apollo.GroupController'
    debug 'grails.app.controllers.org.bbop.apollo.UserController'
    debug 'grails.app.controllers'
    debug 'grails.app.services'

Dec 21 14:57:04 cory tomcat9[1861087]: 2020-12-21 14:57:04,538 [catalina-exec-8] DEBUG apollo.AnnotatorController  - loading the index
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - PS: getCurrentOrganismForCurrentUser 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,321 [catalina-exec-5] DEBUG apollo.PreferenceService  - found organism in session null so returning
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] WARN  apollo.PreferenceService  - No user present, so using the client token
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - token for org 1000343939715597398435803707
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,322 [catalina-exec-5] DEBUG apollo.PreferenceService  - is NOT long
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] DEBUG hibernate.SQL  - select this_.id as id1_56_0_, this_.version as version2_56_0_, this_.abbreviation as abbrevia3_56_0_, this_.blatdb as blatdb4_56_0_, this_.comment as comment5_56_0_, this_.common_name as common_n6_56_0_, this_.data_added_via_web_services as data_add7_56_0_, this_.directory as director8_56_0_, this_.genome_fasta as genome_f9_56_0_, this_.genome_fasta_index as genome_10_56_0_, this_.genus as genus11_56_0_, this_.metadata as metadat12_56_0_, this_.non_default_translation_table as non_def13_56_0_, this_.obsolete as obsolet14_56_0_, this_.official_gene_set_track as officia15_56_0_, this_.public_mode as public_16_56_0_, this_.species as species17_56_0_, this_.valid as valid18_56_0_ from organism this_ where this_.common_name=? limit ?
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,323 [catalina-exec-5] TRACE sql.BasicBinder  - binding parameter [1] as [VARCHAR] - [1000343939715597398435803707]
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,344 [catalina-exec-9] DEBUG apollo.PermissionService  - No session found
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,346 [catalina-exec-8] DEBUG apollo.AnnotationEditorController  - getSequenceSearchTools null
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Evaluating saves: true
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] DEBUG apollo.PreferenceService  - Saving with time diff: 523990
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,397 [catalina-exec-6] WARN  apollo.PermissionService  - Failed to authenticate user
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,398 [catalina-exec-6] DEBUG hibernate.SQL  - select count(*) as y0_ from grails_user this_
Dec 21 14:57:05 cory tomcat9[1861087]: 2020-12-21 14:57:05,399 [catalina-exec-6] TRACE sql.BasicExtractor  - extracted value ([y0_] : [BIGINT]) - [7]

Would have been great to have more debug info for the bold line above (e.g. which user) but there is none even if i set that particular service to trace.

I saved the response header and can see that it is passed correctly. Authentications is also correct:

authentications = [
        ["name":"Remote User Authenticator",
         "className":"remoteUserAuthenticatorService",
         "active":true,
         "params":["default_group": "remote_users"],
        ]
        ,
        ["name":"Username Password Authenticator",
         "className":"usernamePasswordAuthenticatorService",
         "active":true,
        ]
      ]

Has anyone gotten Remote_user to work with apollo 3x?

ta
a



On Mon, 21 Dec 2020 at 11:53, Alexie Papanicolaou <[hidden email]> wrote:
Hey guys

 

I hope I’ve done a really simple error but it’s taken me too many hours to figure out how to implement Remote_user with LDAP in the webapollo v3 branch (worked fine before)

 

None of these work
(NB: the {}s is because I use SSL, which the apollo docs don’t use – but really should use SSL!)

 

#not work       RequestHeader set REMOTE_USER %{REMOTE_USER}s
#not work       RequestHeader set Remote_User    "expr=%{REMOTE_USER}"
#not work       RequestHeader set Remote_User %{REMOTE_USER}s
#prints good        Header set print1 %{REMOTE_USER}s
#prints good        Header set print2 "expr=%{REMOTE_USER}"

 

After successfully authenticating, I keep getting the login form.
Any idea what’s the right block or how I could debug it?

 

The Debug logs do not offer anything I can see.

 

The user (email address $i) was created with arrow:
 randomPass=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
  arrow -a gpi users create_user --role user --metadata '{"INTERNAL_PASSWORD":"'$randomPass'"}' $i REMOTE_USER $i $randomPass
  arrow -a gpi users add_to_group $APOLLO_GR $i

 

 

My apollo config is using remote auth…

 

Log files are available upon request via email.
a

 

--
NB I work weird hours. If you receive an email from me, I don’t expect you to reply during your off-hours.
 

 

 


--
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].