Problem with logout when using apache and LDAP with remote-users for authentication


I’ve set up a galaxy server that users apache and remote user authentication.
When a user is logged in, pressing “logout” presents two problems:

  1. User is directed to the galaxy “login” page, that is not relevant for us because apache is passing credentials. I.e. the LDAP credentials do not work in the galaxy “login” page.
  2. If the user then presses the back button on the browser, the browser has cached credentials and the user is still logged in.

This has already been addressed in a galaxy help thread here from 2014 but I think the response is out of date:

I’m wondering if anyone has more updated experience with this?

For example, the following line in galaxy.yml does not appear to do anything in my installation. Adding a destination or removing the line entirely gives the same logout behavior.

remote_user_logout_href = 

EDIT thanks to comment below, the syntax for yml that I am using is, e.g.:

remote_user_logout_href: ''

I would appreciate any insight into how to properly log out users from Galaxy that are logged in as remote users from apache. One possibility that I’ve considered is to just solve #1, that is, to have the “logout” button go to a page that explains that the user must close the browser in order to log out but I’m not sure how to do that.

Thank you,

1 Like

The syntax you provided for remote_user_logout_href is ini and not yml.
Make sure you aren’t mixing them up.

Thank you @innovate-invent, I copied the syntax incorrectly in my post but I believe it’s correct in my galaxy.yml. I’ve edited it above. I’ve just put a dummy test link there to see if it works and it does not change the logout behavior.

I was tinkering with the remote_user functionality a few months back and found that it is badly underdeveloped. Talking to the devs I got the impression that nobody uses it. I think galaxy can authenticate against an ldap server internally if that is what you are after. Check out

Thank you, this helps.
Yes, that’s what I’m looking to do as well as provide SSL encryption.
It’s all working fine with apache except the logout.
Would you recommend using galaxy itself for both of those?
I’m working through the config file you sent and it does appear to support SSL.
Thank you again.

OK, just to close this out: I was able to get authentication working with PAM auth in Galaxy and the login/logout behavior is much better. I’m still using Apache as the web gateway. Thanks for your help.

1 Like