Authentication by token on local instance


msc...@gmail.com

Aug 1, 2019, 10:04:33 AM
to cBioPortal for Cancer Genomics Discussion Group
I set up a local cbioportal instance with LDAP authentication, but I can't get the token authentication to work.  The documentation (https://docs.cbioportal.org/2.2-authorization-and-authentication/authenticating-users-via-tokens) indicates that the portal.properties configuration file needs to have a section like:

# data access token settings
dat.unauth_users=
dat.method=uuid
dat.ttl_seconds=2592000
dat.uuid.max_number_per_user=1
dat.uuid.revoke_other_tokens=true
dat.jwt.secret_key=


After restarting, I expected the drop down menu below with a "Download Token" option, but it doesn't appear.  Is there something else that needs to be configured?

Thanks.




Benjamin Gross

Aug 1, 2019, 2:28:39 PM
to msc...@gmail.com, cBioPortal for Cancer Genomics Discussion Group
Thank you for your email.  From which branch are you building your portal?  I think the token code is only in the release-3.1.0 branch.

Regards,
Benjamin


Angelica Ochoa

Aug 1, 2019, 4:31:27 PM
to msc...@gmail.com, cBioPortal for Cancer Genomics Discussion Group
Hello, 

Have you also set the "authenticate" property in your portal.properties? The token authentication is disabled when "authenticate" is set to "false" or "social_auth".

Angelica

msc...@gmail.com

Aug 2, 2019, 9:15:57 AM
to cBioPortal for Cancer Genomics Discussion Group
Thanks!  This wasn't clear from the documentation.  I'm using v3.0.3 to stay consistent with the public cbioportal version.  I'll give 3.1.0 a try!



msc...@gmail.com

Aug 5, 2019, 2:33:23 PM
to cBioPortal for Cancer Genomics Discussion Group
Hi Benjamin and Angelica, 

Thanks for your suggestions.  I tried the 3.1.0 branch (with 'git checkout release-3.1.0') and the token drop down menu is still not showing.  It just shows "Logged in as username".  I believe I compiled this version correctly, although when I visit https://theserverurl:8443/cbioportal/api/info, it says the portal version is still on 3.0.3.

{"portalVersion":"3.0.3-129-ga070679d3-SNAPSHOT","dbVersion":"2.11.0","gitBranch":"release-3.1.0","gitCommitId":"a070679d3b8c0f0f08f5396550416d5a0c53ed9e","gitCommitIdDescribe":"v3.0.3-129-ga070679","gitCommitIdDescribeShort":"v3.0.3-129","gitCommitMessageFull":"Automated master to release-3.1.0 merge","gitCommitMessageShort":"Automated master to release-3.1.0 merge","gitCommitMessageUserEmail":"i...@ino.pm","gitCommitMessageUserName":"Ino de Bruijn","gitDirty":false}


I'm using LDAP and the instance authenticates correctly.  To address Angelica's question, I specify this in the Tomcat startup script with 'export CATALINA_OPTS="$CATALINA_OPTS -Dauthenticate=ldap -Xms1048m -Xmx10240m -XX:MaxPermSize=512m" '.  Is there somewhere else in portal.properties that I need to also edit?

I don't see issues in the logs.  Any other suggestions?

Angelica Ochoa

Aug 5, 2019, 2:38:00 PM
to msc...@gmail.com, cBioPortal for Cancer Genomics Discussion Group
Hello, 

Have you referred to the documentation here for setting up LDAP authentication? https://docs.cbioportal.org/2.2-authorization-and-authentication/authenticating-users-via-ldap

Without enabling the token authentication, does the LDAP sign-in work as expected?

Thanks,
Angelica 



msc...@gmail.com

Aug 21, 2019, 3:23:22 PM
to cBioPortal for Cancer Genomics Discussion Group
Just following up on this since it's been a couple weeks.  I tried again with the latest github source, and per Benjamin's suggestion, I tried compiling the 3.1 branch (eeb5a03e2).  It compiles properly and after updating the database schema (to v2.11.0), I can properly log in via LDAP as before (with or without token access enabled).  As before I configured my portal.properties file with:

dat.unauth_users=
dat.method=uuid
dat.ttl_seconds=2592000
dat.uuid.max_number_per_user=5
dat.uuid.revoke_other_tokens=false
dat.jwt.secret_key=<a_random_hex_key>



The problem is that I still don't see a dropdown menu as noted in the documentation next to my username that allows downloading a token.

Is there anything else in the configuration that would be preventing the GUI token menu from working properly?

Thanks!




Angelica Ochoa

Aug 23, 2019, 1:14:24 PM
to msc...@gmail.com, cBioPortal for Cancer Genomics Discussion Group
Hi, 

What version of the frontend are you using? In the cbioportal/pom.xml there is a property defined called "frontend.version".

Can you make sure it is set to the following?

<frontend.version>4d56b3ffa1bc9be1e80b61802166a5ccdbea812b</frontend.version>

Also make sure you do not have this property "frontend.url.runtime" in your portal.properties as that property overrides the version of the frontend to use that is specified in the cbioportal/pom.xml.


Angelica
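
The prerequisites named in Angelica Ochoa's replies above (an "authenticate" value other than "false" or "social_auth", the frontend.version pinned in pom.xml, and no frontend.url.runtime override) can be checked before restarting Tomcat. The script below is an added example, not part of the thread or of cBioPortal; the function names, the AUTH argument standing in for a -Dauthenticate JVM option, and the sample files are assumptions constructed for illustration.

```shell
# Frontend commit the thread says pom.xml should pin (override via the environment).
EXPECTED_FRONTEND=${EXPECTED_FRONTEND:-4d56b3ffa1bc9be1e80b61802166a5ccdbea812b}

prop() {  # prop KEY FILE: print the last value assigned to KEY, empty if unset
  awk -v k="$1" '
    /^[ \t]*[#!]/ { next }                       # skip comment lines
    { i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (key == k) found = val }
    END { print found }' "$2"
}

check_token_prereqs() {  # PROPS POM [AUTH]; exit status is the number of problems
  props=$1; pom=$2; fails=0
  # AUTH stands in for -Dauthenticate=...; assumed to take precedence over the file.
  auth=${3:-$(prop authenticate "$props")}
  case "$auth" in
    false|social_auth) echo "FAIL authenticate=$auth disables token authentication"; fails=$((fails + 1)) ;;
    '') echo "FAIL authenticate is not set in $props or passed as AUTH"; fails=$((fails + 1)) ;;
    *) echo "OK   authenticate=$auth" ;;
  esac
  method=$(prop dat.method "$props")
  if [ -z "$method" ]; then echo "FAIL dat.method is not set"; fails=$((fails + 1))
  else echo "OK   dat.method=$method"; fi
  if grep -Eq '^[[:space:]]*frontend\.url\.runtime[[:space:]]*=' "$props"; then
    echo "FAIL frontend.url.runtime overrides frontend.version from pom.xml"; fails=$((fails + 1))
  fi
  fv=$(sed -n 's:.*<frontend\.version>\(.*\)</frontend\.version>.*:\1:p' "$pom" | head -n 1)
  if [ "$fv" = "$EXPECTED_FRONTEND" ]; then echo "OK   frontend.version=$fv"
  else echo "FAIL frontend.version='$fv', expected $EXPECTED_FRONTEND"; fails=$((fails + 1)); fi
  return "$fails"
}

# Constructed sample input: a portal.properties and pom.xml carrying two of the problems.
demo=$(mktemp -d)
printf '%s\n' '# data access token settings' 'dat.method=uuid' 'dat.ttl_seconds=2592000' \
  'frontend.url.runtime=https://frontend.example.invalid/' > "$demo/portal.properties"
printf '%s\n' '<properties>' '  <frontend.version>0000000</frontend.version>' '</properties>' > "$demo/pom.xml"
check_token_prereqs "$demo/portal.properties" "$demo/pom.xml" ldap || echo "$? problem(s) found"
```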


msc...@gmail.com

Aug 27, 2019, 3:39:16 PM
to cBioPortal for Cancer Genomics Discussion Group
Thanks, Angelica.  Changing the frontend.version in pom.xml did the trick to show the menu in the interface.  I can now log in via LDAP and download the token file using uuid in portal settings.

If I log in and then use the API from a browser (e.g. https://theserver:8443/cbioportal/api/studies), the app returns the appropriate study list.  The problem is that the API doesn't authenticate properly from the command line and cgdsr R package.  When I try the following (with the correct server and token):

curl -X GET "https://theserver:8443/cbioportal/api/studies" -H "accept: application/json" -H "Authorization: Bearer aaaaaa-bbbb-cccc-dddd-eeeeeeeeee"

the response is:

<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Unauthorized</p><p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3>Apache Tomcat/8.5.40</h3></body></html>


Is there another setting I'm missing that permits token access?  Any ideas of what to check?

