William Hahn (Nov 25 2025 at 15:15): William Hahn (Nov 25 2025 at 15:15):Any globus experts? I've been having issues setting up globus with the globus-dataverse external tool.
I'm testing with a POSIX gateway / collection. I have tested globus as a native app / non-native app, as enabling native app prevented me from referencing an identity for the registered app to give admin privs, and from generating a client secret. (Should it be registered as a native app to work with dataverse?)
When testing with a non-native app, my GCP endpoint isn't loaded in the UI and I get two 401 responses when attempting to upload with globus β 'invalid_client' and 'Bad signed URL'. I tried connecting after disabling Anubis, and still got the same responses.
When testing it registered as a native app, my local filesystem via GCP is loaded, but I get the message 'There was an error in transfer submission. BIIG' when attempting to transfer a file. Any pointers here? And should it be registered as a native app? I do notice the redirect to https://auth.globus.org/v2/web/auth-code when native app is enabled, which seems to be needed here.
@Don Sizemore would like for me to tag @Deirdre Kirmis @Victoria Lubitch
Philip Durbin π (Nov 25 2025 at 15:37):@William Hahn if you don't mind, please also post at https://groups.google.com/g/dataverse-community
William Hahn (Nov 25 2025 at 15:37):As a native app, the error in transfer submission throws a 401 for a requestGlobusUploadPaths api call. I suspect this issue would be solved if there were an identity provided for registered native apps (so that I could assign it admin privs).
Philip Durbin π (Nov 25 2025 at 15:55):https://groups.google.com/g/dataverse-community/c/wxPlPHofIrs/m/jEgkPbpFCQAJ looks great. Thanks!
Deirdre Kirmis (Nov 25 2025 at 16:15):I'm not an expert, but I did get it set up and it is working. I believe I registered the main app as a native app, but I also have a PKXE app registered as a thick client. I remember the redirects and the order of them was very important, as well as the DB options and client config.
William Hahn (Nov 25 2025 at 16:20):It's worth noting that with a non-native registered app I get the following response ('invalid_client'):
ERROR TypeError: can't access property 0, this.transferData.userAccessTokenData.other_tokens is undefined
However, I've defined the globus token (clientID:clientSecret) in domain.xml and the :GlobusBasicToken setting.
@Deirdre Kirmis thank you. Were you able to reference an identity when setting the client as an admin? Or did you need to do this?
Deirdre Kirmis (Nov 25 2025 at 16:45):Do you mean in Globus? Both of the apps show "Required identity" None .. but the credentials on the collection show my globus identity as having access to the collection and to the access keys of the IAM user who has access to the bucket. I vaguely remember setting this, but it's been a while.
In the db settings, I have:
:GlobusPollingInterval 300
:GlobusAppUrl (the domain pointing to the globus collection)
And for the Globus "store" jvm options, they look like this:
<jvm-options>-Ddataverse.files.glbs.type=s3</jvm-options>
<jvm-options>-Ddataverse.files.glbs.url-expiration-minutes=60</jvm-options>
<jvm-options>-Ddataverse.files.glbs.download-redirect=true</jvm-options>
<jvm-options>-Ddataverse.files.glbs.upload-redirect=true</jvm-options>
<jvm-options>-Ddataverse.files.glbs.path-style-access=true</jvm-options>
<jvm-options>-Ddataverse.files.glbs.label=globus</jvm-options>
<jvm-options>-Ddataverse.files.glbs.base-store=<main store label></jvm-options>
<jvm-options>-Ddataverse.files.glbs.bucket-name=<bucket name></jvm-options>
<jvm-options>-Ddataverse.files.glbs.managed=true</jvm-options>
<jvm-options>-Ddataverse.files.glbs.transfer-endpoint-with-basepath=<UUID of guest collection></jvm-options>
<jvm-options>-Ddataverse.files.glbs.globus-transfer-endpoint-with-basepath=<UUID of guest collection></jvm-options>
<jvm-options>-Ddataverse.files.glbs.globus-token=<generated token></jvm-options>
<jvm-options>-Ddataverse.files.glbs.files-not-accessible-by-dataverse=false</jvm-options>
Looking through my notes to find any other relevant info ..
Deirdre Kirmis (Nov 25 2025 at 16:47):I built the integration app as an angular app and running it with nginx
Deirdre Kirmis (Nov 25 2025 at 16:49):config.json looks like this:
{
"baseUrl": "",
"id": "",
"redirectUploadURL": "https://<globus-app URL>/upload",
"redirectDownloadURL": "https://<globus-app URL>/download",
"globusClientId": "<secret key>"
}
Deirdre Kirmis (Nov 25 2025 at 16:50):this is for a managed store btw
Deirdre Kirmis (Nov 25 2025 at 16:55):the redirects for the apps include all of these:
http://localhost/download/
http://localhost/upload/
http://localhost/*/
https://app.globus.org/file-manager
http://localhost
http://localhost/download-file/
http://localhost/upload
https://<URL of globus app>
https://<URL of globus app>/download-file/
https://<URL of globus app>/upload/
https://<URL of globus app>/
https://<URL of globus app>/upload
https://<URL of globus app>/download
https://<URL of globus app>/download/
https://<URL of globus app>/download-file
https://<AWS ALB URL>/upload
https://<AWS ALB URL>/upload/
i guess all that is on their docs =/
Deirdre Kirmis (Nov 25 2025 at 17:05):I remember getting the BIIG error several times and it seems that is related to bucket access .. (ie: the access keys changed or something else was configured incorrectly).
Deirdre Kirmis (Nov 25 2025 at 17:16):also, as you can tell, we are running dataverse and the integration app on AWS and we have DNS > ALB > globus app .. both store in S3
Deirdre Kirmis (Nov 25 2025 at 17:16):hope some of that helps :slight_smile:
William Hahn (Nov 26 2025 at 16:13):Thanks a lot @Deirdre Kirmis. I'll try out some of your suggestions and see if they help.
One thing I'm noticingβ I've been using the UUID of the configured endpoint itself rather than for the specific guest collection (for transfer-endpoint jvm options). This probably accounts for at least some of my setup issues... Also, I've been using the registered UUID for the client rather than the secret key for globusClientId in the config. I'll try building while mirroring some of your setup and see if I have any luck.
And I was referencing the client identity that one can see for non-native apps (e.g. <Client UUID>@clients.auth.globus.org). The dataverse community document instructs this field should be set as admin for the guest collection, but I was confused since this field doesn't show up when native app / thick client is selected (which is also instructed) :sweat_smile:
William Hahn (Nov 26 2025 at 20:08):fyi: I was able to upload a file to the guest collection (POSIX) with Deirdre's and Kirill's suggestions! Several of the redirects (mainly localhost) that Deirdre has I did not. Thank you both :)
The main thing I was missing was Kirill's suggestion. My confusion stemmed from where to source the client secret, Basic Globus Token, etc.
One needs to register a portal in conjunction with a thick client for the project, and reference the client ID and secret for the portal for the basic token. I also gave the portal identity (<Client UUID>@clients.auth.globus.org) admin privs for the guest collection.
Deirdre Kirmis (Nov 26 2025 at 20:29):That's great! Glad you were able to get it to work! I remember switching out the UUIDs to find the right one, and going back and forth between the DV docs and the github instructions to find the right combination of things. Somehow I got it working. :smile: I would be interested in your experience with it and if you find you use it a lot. We still have not had a real use case that we couldn't solve with DVUploader or DVWebloader recently, although we have had some in the past that we could really have used it for. And for our researcher community who use Globus already, it could be a huge help.
Deirdre Kirmis (Nov 26 2025 at 20:32):And just curious, do you plan to just have Globus available as a "managed" upload option for anyone that has large/many files, or are you going to configure remote stores with it? I've tested adding some remote endpoints but we have not actively used any.
William Hahn (Nov 26 2025 at 20:53):At UNC we're not quite there yet, but we're definitely are interested in using globus for big data transfers, especially with S3 Glacier now having globus support. We aren't charged egress for S3, so it's a great option for us. So... I'm thinking we'll be using a remote store for big data uploads but things are a bit in flux at the moment. Any pointers are welcome if you have any!
Also would be interested to hear about how you all might use it in the future :slight_smile:
Philip Durbin π (Dec 01 2025 at 14:42):@William Hahn I'm glad you figured it out! Do you think a tweak to the docs would help? Any interest in making a pull request? :smile:
Don Sizemore (Dec 01 2025 at 15:13):@Philip Durbin π I submitted a PR to update the guides link to the current repo; we're going to update the community Google doc hopefully today or tomorrow. I told William I can think of four people who may know more about the Dataverse/Globus integration than him.
William Hahn (Dec 01 2025 at 15:17):@Philip Durbin π Definitely! I think the bit about setting up a portal will be important for future dataverse globus tinkerers to know about. @Don Sizemore and I plan to look at it later today/this week :slight_smile:
Philip Durbin π (Dec 01 2025 at 15:17):Awesome, thanks!
Philip Durbin π (Dec 01 2025 at 15:18):Eventually, I think that community doc should go away. The content should be incorporated into the guides, I mean.
Don Sizemore (Dec 02 2025 at 12:37):@Philip Durbin π today @William Hahn would like to test Globus in Jim's recommended configuration (those are the two comments we didn't accept/approve yesterday) then, with Jim/Victoria/Leonid's approval we may well submit a docs PR.
Last updated: Jan 09 2026 at 14:18 UTC