<html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><title>HTTP authentication for JBrowse · JBrowse</title><meta name="viewport" content="width=device-width"/><meta name="generator" content="Docusaurus"/><meta name="description" content="# Authentication and Access Control"/><meta name="docsearch:language" content="en"/><meta property="og:title" content="HTTP authentication for JBrowse · JBrowse"/><meta property="og:type" content="website"/><meta property="og:url" content="https://jbrowse.org/index.html"/><meta property="og:description" content="# Authentication and Access Control"/><meta name="twitter:card" content="summary"/><link rel="shortcut icon" href="/img/favicon.ico"/><link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css"/><link rel="alternate" type="application/atom+xml" href="https://jbrowse.org/blog/atom.xml" title="JBrowse Blog ATOM Feed"/><link rel="alternate" type="application/rss+xml" href="https://jbrowse.org/blog/feed.xml" title="JBrowse Blog RSS Feed"/><script type="text/javascript" src="https://buttons.github.io/buttons.js"></script><link rel="stylesheet" href="/css/main.css"/></head><body class="sideNavVisible separateOnPageNav"><div class="fixedHeaderContainer"><div class="headerWrapper wrapper"><header><a href="/"><h2 class="headerTitle">JBrowse</h2></a><div class="navigationWrapper navigationSlider"><nav class="slidingNav"><ul class="nav-site nav-site-internal"><li class=""><a href="/blog" target="_self">Blog</a></li><li class="siteNavGroupActive"><a href="/docs/installation.html" target="_self">Documentation</a></li><li class=""><a href="/en/demos.html" target="_self">Demos</a></li><li class=""><a href="/en/developers.html" target="_self">Developers</a></li><li class=""><a href="/en/contact.html" target="_self">Contact</a></li><li class=""><a href="/en/references.html" target="_self">References</a></li><li class=""><a href="/en/help.html" 
target="_self">Help</a></li></ul></nav></div></header></div></div><div class="navPusher"><div class="docMainWrapper wrapper"><div class="container docsNavContainer" id="docsNav"><nav class="toc"><div class="toggleNav"><section class="navWrapper wrapper"><div class="navBreadcrumb wrapper"><div class="navToggle" id="navToggler"><i></i></div><h2><i>›</i><span>Advanced configuration</span></h2><div class="tocToggler" id="tocToggler"><i class="icon-toc"></i></div></div><div class="navGroups"><div class="navGroup"><h3 class="navGroupCategoryTitle">Tutorial</h3><ul><li class="navListItem"><a class="navItem" href="/docs/installation.html">Installation</a></li><li class="navListItem"><a class="navItem" href="/docs/tutorial.html">Indexed file formats tutorial</a></li><li class="navListItem"><a class="navItem" href="/docs/tutorial_classic.html">Classic quick-start guide</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Configuring tracks</h3><ul><li class="navListItem"><a class="navItem" href="/docs/reference_sequence.html">Reference sequence configuration</a></li><li class="navListItem"><a class="navItem" href="/docs/canvas_features.html">CanvasFeatures</a></li><li class="navListItem"><a class="navItem" href="/docs/html_features.html">HTMLFeatures</a></li><li class="navListItem"><a class="navItem" href="/docs/alignments.html">Alignments tracks</a></li><li class="navListItem"><a class="navItem" href="/docs/bigwig.html">Wiggle/BigWig Tracks</a></li><li class="navListItem"><a class="navItem" href="/docs/variants.html">VCF tracks</a></li><li class="navListItem"><a class="navItem" href="/docs/minimal.html">Minimal JBrowse configurations</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Advanced configuration</h3><ul><li class="navListItem"><a class="navItem" href="/docs/embedding.html">Embedding JBrowse</a></li><li class="navListItem"><a class="navItem" href="/docs/mouse_configs.html">Mouse clicks, menus, and popups</a></li><li 
class="navListItem"><a class="navItem" href="/docs/configuration_file_formats.html">Configuration File Formats</a></li><li class="navListItem"><a class="navItem" href="/docs/dataset_selector.html">Dataset Selector</a></li><li class="navListItem"><a class="navItem" href="/docs/track_selectors.html">Track Selectors</a></li><li class="navListItem"><a class="navItem" href="/docs/track_metadata.html">Track Metadata</a></li><li class="navListItem"><a class="navItem" href="/docs/global_options.html">Global configuration options</a></li><li class="navListItem"><a class="navItem" href="/docs/compression.html">Compressing JBrowse data</a></li><li class="navListItem navListItemActive"><a class="navItem" href="/docs/authentication.html">HTTP authentication for JBrowse</a></li><li class="navListItem"><a class="navItem" href="/docs/paired_reads.html">Paired read viewing</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">Command line</h3><ul><li class="navListItem"><a class="navItem" href="/docs/flatfile-to-json.pl.html">flatfile-to-json.pl</a></li><li class="navListItem"><a class="navItem" href="/docs/remove-track.pl.html">remove-track.pl</a></li><li class="navListItem"><a class="navItem" href="/docs/ucsc-to-json.pl.html">ucsc-to-json.pl</a></li><li class="navListItem"><a class="navItem" href="/docs/generate-names.pl.html">generate-names.pl</a></li><li class="navListItem"><a class="navItem" href="/docs/prepare-refseqs.pl.html">prepare-refseqs.pl</a></li><li class="navListItem"><a class="navItem" href="/docs/biodb-to-json.pl.html">biodb-to-json.pl</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">JBrowse Desktop</h3><ul><li class="navListItem"><a class="navItem" href="/docs/jbrowse_desktop.html">JBrowse Desktop</a></li></ul></div><div class="navGroup"><h3 class="navGroupCategoryTitle">FAQ</h3><ul><li class="navListItem"><a class="navItem" href="/docs/faq.html">JBrowse FAQ</a></li></ul></div><div class="navGroup"><h3 
class="navGroupCategoryTitle">Other topics</h3><ul><li class="navListItem"><a class="navItem" href="/docs/url_strings.html">JBrowse URL parameters</a></li><li class="navListItem"><a class="navItem" href="/docs/image_tracks.html">Pre-rendered Image Tracks</a></li><li class="navListItem"><a class="navItem" href="/docs/feature_coverage.html">Feature Coverage Tracks</a></li><li class="navListItem"><a class="navItem" href="/docs/screenshots.html">Automating screenshots of JBrowse</a></li><li class="navListItem"><a class="navItem" href="/docs/events.html">JBrowse Subscribe/Publish events</a></li><li class="navListItem"><a class="navItem" href="/docs/perl_config.html">Sample configuration bash script</a></li><li class="navListItem"><a class="navItem" href="/docs/data_formats.html">JBrowse REST API and Data APIs</a></li><li class="navListItem"><a class="navItem" href="/docs/plugins.html">Installing and writing plugins</a></li><li class="navListItem"><a class="navItem" href="/docs/cors.html">Cross-origin resource sharing (CORS)</a></li><li class="navListItem"><a class="navItem" href="/docs/sparql.html">SPARQL configuration</a></li><li class="navListItem"><a class="navItem" href="/docs/data_export.html">Data export</a></li><li class="navListItem"><a class="navItem" href="/docs/usage_stats.html">Usage Statistics</a></li></ul></div></div></section></div><script>
document.addEventListener('DOMContentLoaded', function() {
createToggler('#navToggler', '#docsNav', 'docsSliderActive');
createToggler('#tocToggler', 'body', 'tocActive');
const headings = document.querySelector('.toc-headings');
headings && headings.addEventListener('click', function(event) {
if (event.target.tagName === 'A') {
document.body.classList.remove('tocActive');
}
}, false);
function createToggler(togglerSelector, targetSelector, className) {
var toggler = document.querySelector(togglerSelector);
var target = document.querySelector(targetSelector);
toggler.onclick = function(event) {
event.preventDefault();
target.classList.toggle(className);
};
}
});
</script></nav></div><div class="container mainContainer"><div class="wrapper"><div class="post"><header class="postHeader"><h1 class="postHeaderTitle">HTTP authentication for JBrowse</h1></header><article><div><span><h1><a class="anchor" aria-hidden="true" id="authentication-and-access-control"></a><a href="#authentication-and-access-control" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>Authentication and Access Control</h1>
<p>JBrowse works with HTTP Basic, HTTP Digest, and cookie (session) authentication methods, relying on the native support for them in browsers.</p>
<p>For cookie-based authentication methods, the session cookie should be set by another page before the user launches JBrowse.</p>
<h2><a class="anchor" aria-hidden="true" id="http-basic-ldap-under-nginx"></a><a href="#http-basic-ldap-under-nginx" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>HTTP Basic LDAP under Nginx</h2>
<p>Provided you already have an LDAP authentication server available, it is relatively easy to configure nginx to require users to log in and, optionally, to be members of particular groups.</p>
<p>This approach is designed to block access to all of JBrowse until authenticated and is not suitable for excluding sub-sets of tracks.</p>
<p>The following block lists the installation method for the module and its dependencies, with the versions available at the time of writing:</p>
<pre><code class="hljs">sudo apt-get install libldap2-dev
sudo apt-get install build-essential
sudo apt-get install libcurl4-openssl-dev
mkdir ldap_test
cd ldap_test/
wget http:<span class="hljs-comment">//nginx.org/download/nginx-1.10.1.tar.gz</span>
tar zxf nginx-<span class="hljs-number">1.10</span>.<span class="hljs-number">1</span><span class="hljs-selector-class">.tar</span><span class="hljs-selector-class">.gz</span>
wget http:<span class="hljs-comment">//zlib.net/zlib-1.2.8.tar.gz</span>
tar zxf zlib-<span class="hljs-number">1.2</span>.<span class="hljs-number">8</span><span class="hljs-selector-class">.tar</span><span class="hljs-selector-class">.gz</span>
wget ftp:<span class="hljs-comment">//ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz</span>
tar zxf pcre-<span class="hljs-number">8.37</span><span class="hljs-selector-class">.tar</span><span class="hljs-selector-class">.gz</span>
wget https:<span class="hljs-comment">//github.com/kvspb/nginx-auth-ldap/archive/master.zip</span>
unzip master<span class="hljs-selector-class">.zip</span>
rm *<span class="hljs-selector-class">.zip</span> *<span class="hljs-selector-class">.gz</span>
cd nginx-<span class="hljs-number">1.10</span>.<span class="hljs-number">1</span>/
./configure --prefix=/jbrowse/nginx_ldap --with-zlib=../zlib-<span class="hljs-number">1.2</span>.<span class="hljs-number">8</span> --with-pcre=../pcre-<span class="hljs-number">8.37</span> --with-http_ssl_module --add-module=../nginx-auth-ldap-master
make install
</code></pre>
<p><strong><em>pcre2 is not compatible; you must use pcre-X.XX</em></strong></p>
<p>The next block shows an example configuration that would be added to the 'http' section of 'nginx.conf':</p>
<pre><code class="hljs">http {
<span class="hljs-built_in">..</span>.
# <span class="hljs-keyword">for</span> any<span class="hljs-built_in"> user </span>who successfully authenticates against LDAP
ldap_server shared_site {
#<span class="hljs-built_in"> user </span>search base.
url <span class="hljs-string">"ldap://ldap-ro.internal.example.ac.uk/dc=example,dc=ac,dc=uk?uid?sub?objectClass=person"</span>;
# bind as
binddn <span class="hljs-string">"uid=WEBSERVER_USER,ou=people,dc=example,dc=ac,dc=uk"</span>;
# bind pw
binddn_passwd <span class="hljs-string">"WEBSERVER_USER_PW"</span>;
#<span class="hljs-built_in"> group </span>attribute name which contains member object
group_attribute member;
# search <span class="hljs-keyword">for</span> full DN <span class="hljs-keyword">in</span> member object
group_attribute_is_dn on;
# matching algorithm (any / all)
satisfy any;
require valid_user;
}
# just our sub team
ldap_server team_only
{
# exactly the same as above but adding:
# list of allowed groups
require<span class="hljs-built_in"> group </span><span class="hljs-string">"CN=mygroup,OU=group,DC=example,DC=ac,DC=uk"</span>;
}
<span class="hljs-built_in">..</span>.
}
</code></pre>
<p>You may need to use 'ldapsearch' or speak to your admins for help getting the settings correct.</p>
<p>Once this is in place you can then limit the accessible locations by adding to the 'server' section:</p>
<pre><code class="hljs"><span class="hljs-built_in"> server </span>{
<span class="hljs-built_in">..</span>.
# this is open access
location / {
root html;
index index.html index.htm;
}
# these require authentication
location /shared_site {
auth_ldap <span class="hljs-string">"Restricted access cancer members only"</span>;
auth_ldap_servers shared_site;
}
location /team_only {
auth_ldap <span class="hljs-string">"Restricted access cgppc members only"</span>;
auth_ldap_servers team_only;
}
<span class="hljs-built_in">..</span>.
}
</code></pre>
<p>If you place the 'auth_ldap*' directives before the location sections then you restrict all areas.</p>
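<p>The server-wide placement described above, as an added example that is not part of the original JBrowse documentation. It also moves the site to HTTPS (the build above includes 'http_ssl_module'), because HTTP Basic credentials are only base64-encoded on the wire. The hostname and certificate paths are placeholders; 'shared_site' and 'team_only' are the 'ldap_server' blocks defined in the 'http' section.</p>

```nginx
# Added example: hostname and certificate paths are placeholders.

# Plain HTTP listener: never prompt for credentials here, only redirect.
server {
    listen 80;
    server_name jbrowse.example.ac.uk;                          # placeholder
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name jbrowse.example.ac.uk;                          # placeholder
    ssl_certificate     /etc/ssl/certs/jbrowse.example.pem;     # placeholder
    ssl_certificate_key /etc/ssl/private/jbrowse.example.key;   # placeholder

    # Declared at server level, before any location block,
    # so every location below inherits the login requirement.
    auth_ldap "JBrowse: login required";
    auth_ldap_servers shared_site;

    # No auth_ldap* directives here: inherits the server-level ones.
    location / {
        root html;
        index index.html index.htm;
    }

    # A location that sets its own auth_ldap* directives uses those
    # instead of the inherited ones, here the group-restricted server.
    location /team_only {
        auth_ldap "Restricted access cgppc members only";
        auth_ldap_servers team_only;
    }
}
```

<p>After reloading nginx, an unauthenticated request to any path on the HTTPS listener should return 401 with a 'WWW-Authenticate' header, and any request to port 80 should return only the redirect.</p>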
<p>This was pieced together from the following pages:</p>
<ul>
<li><a href="https://github.com/kvspb/nginx-auth-ldap">https://github.com/kvspb/nginx-auth-ldap</a></li>
<li><a href="http://www.allgoodbits.org/articles/view/29">http://www.allgoodbits.org/articles/view/29</a></li>
</ul>
</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/compression.html">← Compressing JBrowse data</a><a class="docs-next button" href="/docs/paired_reads.html">Paired read viewing →</a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#http-basic-ldap-under-nginx">HTTP Basic LDAP under Nginx</a></li></ul></nav></div><footer class="nav-footer" id="footer"><section class="sitemap"><div><h5>Docs</h5><a href="/blog">Blog</a><a href="/docs/tutorial.html">Getting Started</a></div><div><h5>Community</h5><a href="https://gitter.im/GMOD/jbrowse">Project Chat</a><a href="https://twitter.com/JBrowseGossip" target="_blank" rel="noreferrer noopener">Twitter</a></div><div><h5>More</h5><a href="https://github.com/GMOD/jbrowse">GitHub</a><a class="github-button" href="https://github.com/GMOD/jbrowse" data-icon="octicon-star" data-count-href="/GMOD/jbrowse/stargazers" data-show-count="true" data-count-aria-label="# stargazers on GitHub" aria-label="Star this project on GitHub">Star</a></div></section><section class="copyright">Copyright © 2019 Evolutionary Software Foundation</section></footer></div></body></html>