LDAP /OmniAuth
44 views
Skip to first unread message
Cornelius Knopp
May 16, 2019, 4:40:23 AM5/16/19
to SEEK Developers
Hi,
i'm currently tryin to estalish a connection between SEEK and our local LDAP Service.
Theoretically, it should be possible to connect these services using OmniAuth, which is also enabled in the SEEK Server Admin Area.
I can't find a way to configure or even access/use this OmniAuth Service from within SEEK.
How can i configure this?
Best regards
Cornelius
Stuart Owen
May 17, 2019, 10:45:12 AM5/17/19
to seek-de...@googlegroups.com
Hi Cornelius,
The LDAP/OmniAuth was added as a contribution for use at the HITS institute, and as far as I'm aware it wasn't used elsewhere. I've never used it before myself or seen it in action.
I've asked HITS and it seems it is no longer used and the contributor has now left. So I'm afraid I'm not sure if it still works.
However, Alan (in Manchester) has been working on adding support for AAI, which involves incorporating a library (devise) that also provides support for LDAP and other providers.
We will take a closer look and hopefully have more information next week.
thanks,
Stuart.
--
You received this message because you are subscribed to the Google Groups "SEEK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to seek-develope...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/seek-developers/700f36ee-24f2-43db-ae5f-5911c55bae40%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
alanrw
Jun 8, 2019, 3:39:13 PM6/8/19
to SEEK Developers
Hello Cornelius
You need to configure the LDAP provider outside the normal SEEK interface. If you look in your SEEK installation directory, there is a file called
config/initializers/seek_configuration.rb-openseek.rb
where you will see:
Seek::Config.default:omniauth_providers, {# # https://github.com/intridea/omniauth-ldap
# :ldap => {
# :title => "organization-ldap", # :host => 'localhost', # :port => 389, # :method => :plain, # :base => 'DC=example,DC=com', # :uid => 'samaccountname', # :password => '', # :bind_dn => '' # } } Sadly although you can alter this file to add in the LDAP values, you cannot do that once your SEEK is installed / running. You will need to change the value with Rails console (as far as I know). We can advise on changing the running value. Alan |
carsten.for...@evolbio.mpg.de
Jul 2, 2019, 6:38:38 AM7/2/19
to SEEK Developers
Hi,
I'm also interested in LDAP authentication for SEEK. The relevant section from my config/initializers/seek_configuration.rb-openseek.rb is as follows:
# omniauth settings and behaviour
Seek::Config.default :omniauth_enabled, true
Seek::Config.default :omniauth_user_create, true
Seek::Config.default :omniauth_user_activate, true
Seek::Config.default :omniauth_providers, {
:ldap => {
:title => 'Institutional',
:host => 'ldap.mydomain.com',
:port => 389,
:method => :plain,
:base => 'OU=people,DC=mydomain,DC=com',
:uid => 'samACCountName',
:password => '************',
:bind_dn => 'CN=ldapseek,CN=Users,DC=mydomain,DC=com'
}
}
Restarting the rails app with these settings gives me the LDAP tab on the login page. Typing in an existing ldap username and password results in
No route matches [POST] "/auth/ldap/callback"
On the ldap server, I can see from the logs that the authentication was successful. Any help?
You mean that restarting the server would not pick up the LDAP config?
Can you explain step-by-step how to do change the values in a running seek instance?
When can we expect the AAI feature in master (or tagged release)?
Cornelius Knopp
Jul 23, 2019, 9:22:13 AM7/23/19
to SEEK Developers
Hi,
today i managed to drive my seek instance up to the same problem with the missing route to /auth/ldap/callback.
Are
you using SEEK as Docker-compose containers? Then you might have to
"copy" them to your personal DockerHub Account in order to save the
altered settings.
1) Edit the files inside the running docker container
to access the Containr bash, use `docker exec -it -u root CONTAINER_ID bash`
2) Save the running container as an image `docker commit CONTAINER_ID IMAGE_NAME`
3) Login into dockerhub `docker login` (might be only possible if preceeded by `sudo su -`)
4) Tag your image: `docker tag IMAGE_NAME DOCKER_NAME/IMAGE_NAME[:VERSION]`
5) Push the image to dockerhub `docker push DOCKER_NAME/IMAGE_NAME[:VERSION]`
Then you're able to replace "fairdom/seek:version" by "DOCKER_NAME/IMAGE_NAME:version"The AAI feature was mentioned as "future development" at the PAL & User Meeting last week.
regards,
Cornelius
alanrw
Jul 23, 2019, 4:53:18 PM7/23/19
to SEEK Developers
Hi.
If you look in the config, you should see a file called routes.rb
In that file, there is a line (around 790) that says
get '/auth/:provider/callback' => 'sessions#create'
Can you try changing that to
post '/auth/:provider/callback' => 'sessions#create'
For the timescale of the AAI release.that is now being worked on
(mainly by me). It should be done in the next few weeks - say mid-August.
Will you be interested in testing / reviewing the development releases?
Alan
Cornelius Knopp
Jul 24, 2019, 1:35:33 AM7/24/19
to SEEK Developers
Hi,
I will try and let you know if this solves the problem.
Yes i would be very interested in testing/reviewing this feature.
Regards
Cornelius
Carsten Fortmann-Grote
Jul 26, 2019, 2:18:15 AM7/26/19
to seek-de...@googlegroups.com
Hi, thanks for looking into this.
I use SEEK installed from sources. Issue observed in both
master/HEAD and tag 1.83.
Regards, Carsten
On 7/23/19 3:22 PM, Cornelius Knopp wrote:
> Hi,
> today i managed to drive my seek instance up to the same problem with
> the missing route to /auth/ldap/callback.
>
> Are you using SEEK as Docker-compose containers? Then you might have to
> "copy" them to your personal DockerHub Account in order to save the
> altered settings.
> |
> |
> 1)Editthe files inside the running docker container
> to access the Containrbash,use`docker exec -it -u root CONTAINER_ID bash`
> 2)Savethe running container asan image `docker commit CONTAINER_ID
> IMAGE_NAME`
> 3)Loginintodockerhub `docker login`(might be only possible ifpreceeded
> 5)Pushthe image to dockerhub `docker push DOCKER_NAME/IMAGE_NAME[:VERSION]`
>
>
> Thenyou're able to replace "fairdom/seek:version" by
> --
> You received this message because you are subscribed to a topic in the
> https://groups.google.com/d/topic/seek-developers/SljG2kjkscU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> seek-develope...@googlegroups.com
> <mailto:seek-develope...@googlegroups.com>.
> <https://groups.google.com/d/msgid/seek-developers/27848d4f-4725-446e-b9e5-3fa1dcf4ed18%40googlegroups.com?utm_medium=email&utm_source=footer>.
I use SEEK installed from sources. Issue observed in both
master/HEAD and tag 1.83.
Regards, Carsten
On 7/23/19 3:22 PM, Cornelius Knopp wrote:
> Hi,
> today i managed to drive my seek instance up to the same problem with
> the missing route to /auth/ldap/callback.
>
> Are you using SEEK as Docker-compose containers? Then you might have to
> "copy" them to your personal DockerHub Account in order to save the
> altered settings.
> |
> |
> to access the Containrbash,use`docker exec -it -u root CONTAINER_ID bash`
> 2)Savethe running container asan image `docker commit CONTAINER_ID
> IMAGE_NAME`
> 3)Loginintodockerhub `docker login`(might be only possible ifpreceeded
> by`sudo su -`)
> 4)Tagyour image:`docker tag IMAGE_NAME DOCKER_NAME/IMAGE_NAME[:VERSION]`
> 5)Pushthe image to dockerhub `docker push DOCKER_NAME/IMAGE_NAME[:VERSION]`
>
>
> Thenyou're able to replace "fairdom/seek:version" by
> "DOCKER_NAME/IMAGE_NAME:version"
> |
> |
>
> The AAI feature was mentioned as "future development" at the PAL & User
> Meeting last week.
>
> regards,
> Cornelius
>
>
> Am Dienstag, 2. Juli 2019 12:38:38 UTC+2 schrieb
> carsten.fo...@evolbio.mpg.de:
>
> Hi,
> I'm also interested in LDAP authentication for SEEK. The relevant
> section from my
> config/initializers/seek_configuration.rb-openseek.rb is as follows:
>
> # omniauth settings and behaviour
> Seek::Config.default :omniauth_enabled, true
> Seek::Config.default :omniauth_user_create, true
> Seek::Config.default :omniauth_user_activate, true
> Seek::Config.default :omniauth_providers, {
> :ldap => {
> :title => 'Institutional',
> :host => 'ldap.mydomain.com <http://ldap.mydomain.com>',
> |
> |
>
> The AAI feature was mentioned as "future development" at the PAL & User
> Meeting last week.
>
> regards,
> Cornelius
>
>
> Am Dienstag, 2. Juli 2019 12:38:38 UTC+2 schrieb
> carsten.fo...@evolbio.mpg.de:
>
> Hi,
> I'm also interested in LDAP authentication for SEEK. The relevant
> section from my
> config/initializers/seek_configuration.rb-openseek.rb is as follows:
>
> # omniauth settings and behaviour
> Seek::Config.default :omniauth_enabled, true
> Seek::Config.default :omniauth_user_create, true
> Seek::Config.default :omniauth_user_activate, true
> Seek::Config.default :omniauth_providers, {
> :ldap => {
> :title => 'Institutional',
> You received this message because you are subscribed to a topic in the
> Google Groups "SEEK Developers" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/seek-developers/SljG2kjkscU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> seek-develope...@googlegroups.com
> <mailto:seek-develope...@googlegroups.com>.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/seek-developers/27848d4f-4725-446e-b9e5-3fa1dcf4ed18%40googlegroups.com
> <https://groups.google.com/d/msgid/seek-developers/27848d4f-4725-446e-b9e5-3fa1dcf4ed18%40googlegroups.com?utm_medium=email&utm_source=footer>.
Carsten Fortmann-Grote
Jul 26, 2019, 2:21:05 AM7/26/19
to seek-de...@googlegroups.com
I confirm that @alanrw 's fix solves the issue at hand. see also
https://github.com/seek4science/seek/issues/82
Regards, Carsten
On 7/23/19 10:53 PM, 'alanrw' via SEEK Developers wrote:
> Hi.
>
> If you look in the config, you should see a file called routes.rb
>
> In that file, there is a line (around 790) that says
>
> get '/auth/:provider/callback'=> 'sessions#create'
>
> Can you try changing that to
>
> post '/auth/:provider/callback'=> 'sessions#create'
>
> For the timescale of the AAI release.that is now being worked on
> (mainly by me). It should be done in the next few weeks - say mid-August.
> Will you be interested in testing / reviewing the development releases?
>
> Alan
>
> On Tuesday, 23 July 2019 14:22:13 UTC+1, Cornelius Knopp wrote:
>
> Hi,
> today i managed to drive my seek instance up to the same problem
> with the missing route to /auth/ldap/callback.
>
> Are you using SEEK as Docker-compose containers? Then you might have
> to "copy" them to your personal DockerHub Account in order to save
> the altered settings.
> |
> |
> 1)Editthe files inside the running docker container
> to access the Containrbash,use`docker exec -it -u root CONTAINER_ID
> bash`
> 2)Savethe running container asan image `docker commit CONTAINER_ID
> IMAGE_NAME`
> 3)Loginintodockerhub `docker login`(might be only possible
> ifpreceeded by`sudo su -`)
> 4)Tagyour image:`docker tag IMAGE_NAME DOCKER_NAME/IMAGE_NAME[:VERSION]`
> 5)Pushthe image to dockerhub `docker push
> DOCKER_NAME/IMAGE_NAME[:VERSION]`
>
>
> Thenyou're able to replace "fairdom/seek:version" by
> <https://groups.google.com/d/msgid/seek-developers/17150d77-d9e6-4b49-b827-f0a8d37c16e4%40googlegroups.com?utm_medium=email&utm_source=footer>.
https://github.com/seek4science/seek/issues/82
Regards, Carsten
On 7/23/19 10:53 PM, 'alanrw' via SEEK Developers wrote:
> Hi.
>
> If you look in the config, you should see a file called routes.rb
>
> In that file, there is a line (around 790) that says
>
> get '/auth/:provider/callback'=> 'sessions#create'
>
> Can you try changing that to
>
> post '/auth/:provider/callback'=> 'sessions#create'
>
> For the timescale of the AAI release.that is now being worked on
> (mainly by me). It should be done in the next few weeks - say mid-August.
> Will you be interested in testing / reviewing the development releases?
>
> Alan
>
> On Tuesday, 23 July 2019 14:22:13 UTC+1, Cornelius Knopp wrote:
>
> Hi,
> today i managed to drive my seek instance up to the same problem
> with the missing route to /auth/ldap/callback.
>
> Are you using SEEK as Docker-compose containers? Then you might have
> to "copy" them to your personal DockerHub Account in order to save
> the altered settings.
> |
> |
> to access the Containrbash,use`docker exec -it -u root CONTAINER_ID
> bash`
> 2)Savethe running container asan image `docker commit CONTAINER_ID
> IMAGE_NAME`
> 3)Loginintodockerhub `docker login`(might be only possible
> ifpreceeded by`sudo su -`)
> 4)Tagyour image:`docker tag IMAGE_NAME DOCKER_NAME/IMAGE_NAME[:VERSION]`
> 5)Pushthe image to dockerhub `docker push
> DOCKER_NAME/IMAGE_NAME[:VERSION]`
>
>
> Thenyou're able to replace "fairdom/seek:version" by
> "DOCKER_NAME/IMAGE_NAME:version"
> |
> |
>
> The AAI feature was mentioned as "future development" at the PAL &
> User Meeting last week.
>
> regards,
> Cornelius
>
>
> Am Dienstag, 2. Juli 2019 12:38:38 UTC+2 schrieb
> carsten.fo...@evolbio.mpg.de:
>
> Hi,
> I'm also interested in LDAP authentication for SEEK. The
> relevant section from my
> config/initializers/seek_configuration.rb-openseek.rb is as follows:
>
> # omniauth settings and behaviour
> Seek::Config.default :omniauth_enabled, true
> Seek::Config.default :omniauth_user_create, true
> Seek::Config.default :omniauth_user_activate, true
> Seek::Config.default :omniauth_providers, {
> :ldap => {
> :title => 'Institutional',
> :host => 'ldap.mydomain.com <http://ldap.mydomain.com>',
> |
> |
>
> The AAI feature was mentioned as "future development" at the PAL &
> User Meeting last week.
>
> regards,
> Cornelius
>
>
> Am Dienstag, 2. Juli 2019 12:38:38 UTC+2 schrieb
> carsten.fo...@evolbio.mpg.de:
>
> Hi,
> I'm also interested in LDAP authentication for SEEK. The
> relevant section from my
> config/initializers/seek_configuration.rb-openseek.rb is as follows:
>
> # omniauth settings and behaviour
> Seek::Config.default :omniauth_enabled, true
> Seek::Config.default :omniauth_user_create, true
> Seek::Config.default :omniauth_user_activate, true
> Seek::Config.default :omniauth_providers, {
> :ldap => {
> :title => 'Institutional',
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "SEEK Developers" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/seek-developers/SljG2kjkscU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> seek-develope...@googlegroups.com
> <mailto:seek-develope...@googlegroups.com>.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/seek-developers/17150d77-d9e6-4b49-b827-f0a8d37c16e4%40googlegroups.com
> You received this message because you are subscribed to a topic in the
> Google Groups "SEEK Developers" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/seek-developers/SljG2kjkscU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> seek-develope...@googlegroups.com
> <mailto:seek-develope...@googlegroups.com>.
> To view this discussion on the web, visit
> <https://groups.google.com/d/msgid/seek-developers/17150d77-d9e6-4b49-b827-f0a8d37c16e4%40googlegroups.com?utm_medium=email&utm_source=footer>.
Cornelius Knopp
Jul 26, 2019, 3:57:57 AM7/26/19
to SEEK Developers
I can confirm it too!
Thanks a lot.
Carole Goble
Jul 26, 2019, 4:24:03 AM7/26/19
to Cornelius Knopp, SEEK Developers
Thanks Alan!
Carole
--
You received this message because you are subscribed to the Google Groups "SEEK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
seek-develope...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/seek-developers/2797d6c7-46aa-47a4-8863-ecbc4d18acf6%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages