Omero public datasets with permanent session id

Dear all,
I intend to share image datasets with students through the local omero server. To avoid having the students to log into the server all the time I wanted to make the datasets public. I followed the guide provided here:


I wanted to make use of the reuse-session approach to generate a permanent link to each dataset, that would directly show the image in the server.
This worked fine, when I generate a session and use this, but after the 10 min timeout the session id expires and I have to generate new session ids. I then set the session to stay alive using “omero sessions keepalive” . This also works, but will probably not survive a reboot. Is there a way I can permanently save the session ID for public access?
Thanks and best wishes
Alex

Hi @alexra

The session sharing functionality is not really suitable for the type of sharing you require, as it provides a time-limited full session with the same access permissions as te user the session was created for. I’ll open a ticket to improve the documentation on this.

I recommend you follow the Configuring public user workflow instead.

Hi Simon,
thanks for the hint. I followed the description, but did not realise that I can access the files with a simple URL instead of the session URL. So it seams to work.
Thanks again, best wishes
Alex

Hi Simon,
sorry to bother you again. My test before was not correct, since the direct link only used my existing login to the server. So here is a summary of what I did:

$ omero config set omero.web.public.enabled True

$ omero config set omero.web.public.user ‘’

am I correct that I need the ’ and ’ around the user name?

$ omero config set omero.web.public.password ‘’

$ omero config set omero.web.public.get_only true

to prevent the public user to change anything

Filters:

$ omero config set omero.web.public.url_filter ‘^/(webadmin/myphoto/|webclient/(?!(script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as))|iviewer|api)’

I then moved all the files I want to made public to the public user by using

omero chgrp public Project:201 --include Dataset,Image

this worked fine.

Still, when I try to connect to the omero server directly using the url:
myip/webclient/?show=project-201

I still end at the login screen.

Is there a way I can troubleshoot the behaviour? I checked omero.web log but did not find anything.

Thanks for your help.
Alex

Not necessarily. If the name has characters that would be interpreted by the shell, then you would need to quote.

:+1:

Not exactly. To a group that the public user is a member of. So it might be possible to publish data without moving it, if all the data in that group can be public.

You restarted web & server after reconfiguring? Can you share the config for each? (2x omero config get) Also, it’s not something you would do usually, but can you login manually as the public user?

~Josh

Hi josh,
thanks for your answer.
I was aware of the point that moving the data to the public user is not necessary, but did it anyway.
I restarted both omero and web
I tried logging in as the public user, that works fine.

Here is the output of the omero config get (web)

omero.data.dir=/OMERO
omero.db.name=omero_database
omero.db.pass=********
omero.db.user=omero_db_user
omero.glacier2.IceSSL.Ciphers=HIGH:ADH:@SECLEVEL=0
omero.web.apps=[“omero_figure”]
omero.web.caches={“default”: {“BACKEND”: “django_redis.cache.RedisCache”,“LOCATION”: “redis://127.0.0.1:6379/0”}}
omero.web.open_with=[[“Image viewer”, “webgateway”, {“supported_objects”: [“image”], “script_url”: “webclient/javascript/ome.openwith_viewer.js”}], [“omero_figure”, “new_figure”, {“supported_objects”: [“images”], “target”: “_blank”, “label”: “OMERO.figure”}]]
omero.web.public.enabled=True
omero.web.public.get_only=true
omero.web.public.password=********
omero.web.public.server_id=1
omero.web.public.url_filter=^/(webadmin/myphoto/|webclient/(?!(script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as))|iviewer|api)
omero.web.public.user=student
omero.web.session_engine=django.contrib.sessions.backends.cache
omero.web.ui.top_links=[[“Data”, “webindex”, {“title”: “Browse Data via Projects, Tags etc”}], [“History”, “history”, {“title”: “History”}], [“Help”, “https://help.openmicroscopy.org/”, {“title”: “Open OMERO user guide in a new tab”, “target”: “new”}], [“Figure”, “figure_index”, {“title”: “Open Figure in new tab”, “target”: “_blank”}]]

Here is the output from omero config

omero.data.dir=/OMERO
omero.db.name=omero_database
omero.db.pass=********
omero.db.user=omero_db_user
omero.glacier2.IceSSL.Ciphers=HIGH:ADH:@SECLEVEL=0
omero.web.apps=[“omero_figure”]
omero.web.caches={“default”: {“BACKEND”: “django_redis.cache.RedisCache”,“LOCATION”: “redis://127.0.0.1:6379/0”}}
omero.web.open_with=[[“Image viewer”, “webgateway”, {“supported_objects”: [“image”], “script_url”: “webclient/javascript/ome.openwith_viewer.js”}], [“omero_figure”, “new_figure”, {“supported_objects”: [“images”], “target”: “_blank”, “label”: “OMERO.figure”}]]
omero.web.public.enabled=True
omero.web.public.get_only=true
omero.web.public.password=********
omero.web.public.server_id=1
omero.web.public.url_filter=^/(webadmin/myphoto/|webclient/(?!(script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as))|iviewer|api)
omero.web.public.user=student
omero.web.session_engine=django.contrib.sessions.backends.cache
omero.web.ui.top_links=[[“Data”, “webindex”, {“title”: “Browse Data via Projects, Tags etc”}], [“History”, “history”, {“title”: “History”}], [“Help”, “https://help.openmicroscopy.org/”, {“title”: “Open OMERO user guide in a new tab”, “target”: “new”}], [“Figure”, “figure_index”, {“title”: “Open Figure in new tab”, “target”: “_blank”}]]

One thing I read is that the omero config set commands listed above should be executed as omero web user. I did this as omero user. I tried as omero web user, but get

Cannot modify /opt/omero/server/OMERO.server/etc/grid/config.xml

Thanks for your help.
Alex

You likely need to set OMERODIR=/opt/omero/web/OMERO.web when acting as omero-web.
~J

Hi josh,
I set the OMERO dir. Is it possible that on my installation it is:
/opt/omero/web/omero.web ?

I used the path as it is in my installation. Then run the omero config commands again. Now my config for the omero web looks like:

omero.web.public.enabled=True
omero.web.public.get_only=True
omero.web.public.password=********
omero.web.public.server_id=1
omero.web.public.url_filter=^/(webadmin/myphoto/|webclient/(?!(script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as))|iviewer|api)
omero.web.public.user=student

I restarteed the omero web and omero server, but still I get the login screen. Any idea?
Thanks
Alex

Quite possible.

What URL are you loading as the public user? The only thing I can think of is that somehow your filter is not catching all the URLs that you are loading.

Hi Josh,
I load this URL:

http://.../webclient/?show=project-201

to access the get access to the project 201. I also tried to access individual images with something like:

http://.../webclient/?show=image-23822

Thanks Alex

Hi Alex,
Sorry to hear this isn’t working for you.

Just wanted to confirm that the settings you’re changing here are the correct.
In your “omero config” you have some web-specific settings, and I also see those in the web config.
When you change those settings in the web config (e.g. top_links, apps etc) and restart the web server, you do see those settings having an effect?

I wonder if you could try a simpler regex to allow all URLs. (The complex regex we have in the docs tries to exclude POST urls, but we have since disabled POST by default for public users).

omero config set omero.web.public.url_filter '/*'

Also, do you see on the login page a link to “Login as public user”?

Will

Edit: Oops. Will answered before me. Try his.

omero.web.public.url_filter=^/(webadmin/myphoto/|webclient/(?!(action|logout|annotate_(file|tags|comment|rating|map)|script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as)))

Can you try the filter statement from https://github.com/ome/ansible-example-omero-public-user/blob/6847d83b8463a79dd19c47ad6a141f3c3a580bde/playbook.yml#L26 ?

~Josh

@Will
Hi Will I do not see a “Login as public user” on the login screen. Where should that be seen?
@ Josh
thanks for the link. I will try that and come back to you. Have a good weekend.
Alex

1 Like

Hi Will, hi Josh
I tried both versions but still it did not work. When I restarted the omero web I got an error message, that one omero web worker is stalled. I killed the process and restarted web. Now the access is working, without a login. I hope this will stay this way. Thanks for all your help.
Best wishes
Alex

Ah, ok. Thanks, @alexra. That would certainly explain configuration changes not fixing your issue. We’ll keep our fingers crossed. ~Josh