Problem using AWS Cognito to authenticate users for S3 access #1598
Comments
|
@mblanche I can partially reproduce this , it looks like an IGV problem with release 2.18.2 and later. We will investigate and fix for the next release. In the meantime, if you do not need the latest features version 2.18.1 appears to work. You can download old versions here: https://data.broadinstitute.org/igv/projects/downloads/2.18/. |
|
As usual, thanks Jim for your expedite response! I’ll test on my side and let you know. I’m concern on how easy this can be deploy to my users? Is reving down a release something general pop fine it easy? Sent from my iPhoneOn Oct 8, 2024, at 5:41 PM, Jim Robinson ***@***.***> wrote:
@mblanche I can partially reproduce this , it looks like an IGV problem with release 2.18.2 and later. We will investigate and fix for the next release. In the meantime, if you do not need the latest features version 2.18.1 appears to work. You can download old versions here: https://data.broadinstitute.org/igv/projects/downloads/2.18/.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
As soon as we have a fix we'll do a release, I don't have an ETA for that but hopefully not too long. As far as difficulty in installing previous releases, the archive is a bit raw and users might not be sure what to download. Here are direct links for the main platforms: Windows: https://data.broadinstitute.org/igv/projects/downloads/2.18/IGV_Win_2.18.1-WithJava-installer.exe Bug fixes for the later releases (2.18.2 and 2.18.4) are here, they don't affect that many users. https://igv.org/doc/desktop/#ReleaseNotes/2.18.x/ |
|
@jrobinso , thanks Jim, I can confirm that rolling back to 2.18.1 now returns the message Thanks a bunch, that's an easy fix for now that I'll deploy to my current users (I'll take a look at the new features in 2.18.2 to make and make sure to manage my users expectations). Please, let me know when this is fixed in the next stable release. Also, let me know if you guys need helps with updating the HOWTO with the modern AWS console. |
|
@mblanche Leave this open until we deploy a fix, as a reminder to update. Thank you for the offer to update the HOWTO! It is hosted at UMCCR, so I'm not sure how logistics would work. We could leave the UMCCR page as is, and post some updated info here: https://igv.org/doc/desktop/#UserGuide/advanced/aws/. @brainstorm thoughts on this (the documentation)? |
Hello both and sorry about the bugs... I suppose that bumping the AWS SDK versions along wouldn't hurt and also @jrobinso, let me know if you need some help bisecting this issue or maybe you already narrowed down the cause? The HOWTO is hosted in GitHub so it should be relatively simple to update it via a pull request? Here's the actual blogposts in Markdown: https://github.com/umccr-svc/site/tree/master/content/post/2019-08-02-amazon-igv-backend And the image assets are over here: https://github.com/umccr-svc/site/tree/master/assets/media/img I'll be happy to review the PR merge the changes ASAP (or as soon as we get that bug fixed). Thanks @mblanche for offering to help out with the docs! /cc @ohofmann @reisingerf |
|
@brainstorm I've narrowed down the cause of the bug, its updating the SDK libraries in commit b611dbc . I have it on my todo list to look into this. Its probably something simple. |
* Fix the amazon failures due to LogFactory not found by adding a module dependency * on apache logging. This is necessary because commons-logging became modularized * between 1.2.0 and 1.3.0 but amazon is expecting the non-modular 1.2.0 while * 1.3.0 is being brought in due to changes in htsjdk. * See https://logging.apache.org/blog/2023/12/02/apache-common-logging-1.3.0.html for * more info. * Fix for #1598
* Fix the amazon failures due to LogFactory not found by adding a module dependency (#1598) * on apache logging. This is necessary because commons-logging became modularized * between 1.2.0 and 1.3.0 but amazon is expecting the non-modular 1.2.0 while * 1.3.0 is being brought in due to changes in htsjdk. * See https://logging.apache.org/blog/2023/12/02/apache-common-logging-1.3.0.html for * more info. * Fix for #1598
|
This is fixed, we'll include it in the next feature release or perhaps do a bug fix release. See #1599 for an explanation. |
|
Tested myself, should be fixed, so safe to close this issue? @mblanche? |
Hi there,
I tried following the steps described on the UMCCR Genomics Platform Group to use AWS Cognito user pools and identity pools to authenticate access to S3 resources containing files to be used in IGV. The steps describe could benefit from a refresh as the AWS console for Cognito is dramatically different from when the tutorial was writen. Nonetheless, I was able to create both a user and identity pool as well as assigning a role with S3 access but somehow, the callback to IGV after the login goes to a web page that says, "This page is not working" and IGV does not seem to be downloading any content from S3.
Just to recap the step I did:
a. I have create an app client with a client id and client secret
b. The app client is set to auth flows ALLOW_REFRESH_TOKEN_AUTH and ALLOW_USER_SRP_AUTH
c. I have a hosted UI with a callback set to http://localhost:60151/oauthCallback
d. Hosted UI identity provider set to Cognito user pool
e. Hosted UI OAuth 2.0 set to Authorization code grant
f. Hosted UI OIDC scopes set to aws.cognito.signin.user.admin, Email, Ohone, Profile and OpenID
When I open IGV, I get the Amazon menu, selecting the login trigger the Cognito hosted UI where I can manage my credentials, etc... Then when I login I get redirected to an error page saying "This page is not working" and nothing gets loaded from S3 into IGV.
Not sure what I am missing? Let me paste the different configs and log, no worries about the different secrets, everything got wiped out cleaned...
Let me know if there's more info required, I really need this to work for the project I'm working on right now.
Thanks
Marco
Config file hosted on static S3 web server
oauth-config.json
AWS Services and Configs
Then from the AWS Cli:
aws cognito-idp describe-user-pool --user-pool-id us-west-1_iPuYrNyjiaws cognito-idp describe-user-pool-client --user-pool-id us-west-1_iPuYrNyji --client-id 2s1h5pa7l11svqiv0vsr19or5jaws cognito-identity describe-identity-pool --identity-pool-id us-west-1:0cb4be16-6b38-42db-92ef-c93d6f26f413aws cognito-identity get-identity-pool-roles --identity-pool-id us-west-1:0cb4be16-6b38-42db-92ef-c93d6f26f413aws iam get-role --role-name igv-cognito-access-roleaws iam get-policy --policy-arn arn:aws:iam::01234567890:policy/S3_accessaws iam get-policy-version --policy-arn arn:aws:iam::01234567890:policy/service-role/Cognito-authenticated-1728417108511 --version-id v1aws iam list-role-policies --role-name igv-cognito-access-roleaws iam get-role-policy --role-name igv-cognito-access-role --policy-name S3_accessLogs from IGV
The text was updated successfully, but these errors were encountered: