Merge branch '4232-slow-pipes-n-jobs' closes #4232
[arvados.git] / doc / install / install-sso.html.textile.liquid
1 ---
2 layout: default
3 navsection: installguide
4 title: Install Single Sign On (SSO) server
5 ...
6
7 h2(#dependencies). Install dependencies
8
9 Make sure you have "Ruby and Bundler":install-manual-prerequisites-ruby.html installed.
10
11 h2(#install). Install SSO server
12
13 h3. Get SSO server code and create database
14
15 <notextile>
16 <pre><code>~$ <span class="userinput">cd $HOME</span> # (or wherever you want to install)
17 ~$ <span class="userinput">git clone https://github.com/curoverse/sso-devise-omniauth-provider.git</span>
18 ~$ <span class="userinput">cd sso-devise-omniauth-provider</span>
19 ~/sso-devise-omniauth-provider$ <span class="userinput">bundle install</span>
20 ~/sso-devise-omniauth-provider$ <span class="userinput">RAILS_ENV=production bundle exec rake db:create</span>
21 ~/sso-devise-omniauth-provider$ <span class="userinput">RAILS_ENV=production bundle exec rake db:migrate</span>
22 </code></pre>
23 </notextile>
24
25 h3. Configure Rails secret
26
27 Create a secret:
28
29 <notextile>
30 <pre><code>~/sso-devise-omniauth-provider$ <span class="userinput">cp -i config/initializers/secret_token.rb.example config/initializers/secret_token.rb</span>
31 ~/sso-devise-omniauth-provider$ <span class="userinput">rake secret</span>
32 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
33 </code></pre>
34 </notextile>
35
36 Edit @config/initializers/secret_token.rb@ to set @config.secret_token@ to the string produced by @rake secret@.
37
38 h3. Configure upstream authentication provider
39
40 <notextile>
41 <pre><code>~/sso-devise-omniauth-provider$ <span class="userinput">cp -i config/environments/production.rb.example config/environments/production.rb</span>
42 </code></pre>
43 </notextile>
44
45 Edit @config/environments/production.rb@ to set @config.google_oauth2_client_id@ and @config.google_oauth2_client_secret@.  See "Omniauth Google OAuth2 gem documentation":https://github.com/zquestz/omniauth-google-oauth2 and "Using OAuth 2.0 to Access Google APIs":https://developers.google.com/accounts/docs/OAuth2 for information about using the "Google Developers Console":https://console.developers.google.com to get a Google client id and client secret.
46
47 h3(#client). Create arvados-server client
48
49 Use @rails console@ to create a @Client@ record that will be used by the Arvados API server.  The values of @app_id@ and @app_secret@ correspond to the @APP_ID@ and @APP_SECRET@ that must be set in in "Setting up Omniauth in the API server.":install-api-server.html#omniauth
50
51 <notextile>
52 <pre><code>~/sso-devise-omniauth-provider$ <span class="userinput">rake secret</span>
53 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
54 ~/sso-devise-omniauth-provider$ <span class="userinput">RAILS_ENV=production bundle exec rails console</span>
55 irb(main):001:0&gt; <span class="userinput">c = Client.new</span>
56 irb(main):002:0&gt; <span class="userinput">c.name = "joshid"</span>
57 irb(main):003:0&gt; <span class="userinput">c.app_id = "arvados-server"</span>
58 irb(main):004:0&gt; <span class="userinput">c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"</span>
59 irb(main):005:0&gt; <span class="userinput">c.save!</span>
60 irb(main):006:0&gt; <span class="userinput">quit</span>
61 </code></pre>
62 </notextile>
63
64 h2. Start the SSO server
65
66 h3. Run a simple standalone server
67
68 You can use the Webrick server that is bundled with Ruby to quickly verify that your installation is functioning:
69
70 <notextile>
71 <pre><code>~/arvados/services/api$ <span class="userinput">RAILS_ENV=production bundle exec rails server</span>
72 </code></pre>
73 </notextile>
74
75 h3. Production environment
76
77 As a Ruby on Rails application, the SSO server should be compatible with any Ruby application server that supports Rack applications.  We recommend "Passenger":https://www.phusionpassenger.com/ to run the SSO server in production.