---
layout: default
navsection: installguide
title: Install Single Sign On (SSO) server
...

h2(#dependencies). Install dependencies

Make sure you have "Ruby and Bundler":install-manual-prerequisites-ruby.html installed.

h2(#install). Install SSO server

h3. Get SSO server code and create database

~$ cd $HOME # (or wherever you want to install)
~$ git clone https://github.com/curoverse/sso-devise-omniauth-provider.git
~$ cd sso-devise-omniauth-provider
~/sso-devise-omniauth-provider$ bundle install
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:create
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:migrate

h3. Configure Rails secret

Create a secret with Ruby's @SecureRandom@, which draws from the operating system's cryptographic random source (@Kernel#rand@ is not designed for generating secrets):

~/sso-devise-omniauth-provider$ cp -i config/initializers/secret_token.rb.example config/initializers/secret_token.rb
~/sso-devise-omniauth-provider$ ruby -rsecurerandom -e 'puts SecureRandom.random_number(2**400).to_s(36)'
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

Edit @config/initializers/secret_token.rb@ to set @config.secret_token@ to the string produced by the command above.

h3. Configure upstream authentication provider

This will enable users to log in using their existing Google accounts. If you don't want to use Google for account services, you can also "add accounts manually.":#manual-accounts

~/sso-devise-omniauth-provider$ cp -i config/environments/production.rb.example config/environments/production.rb

Edit @config/environments/production.rb@ to set @config.google_oauth2_client_id@ and @config.google_oauth2_client_secret@. See "Omniauth Google OAuth2 gem documentation":https://github.com/zquestz/omniauth-google-oauth2 and "Using OAuth 2.0 to Access Google APIs":https://developers.google.com/accounts/docs/OAuth2 for information about using the "Google Developers Console":https://console.developers.google.com to get a Google client id and client secret.

h3(#client). Create arvados-server client

Use @rails console@ to create a @Client@ record that will be used by the Arvados API server. The values of @app_id@ and @app_secret@ correspond to the @APP_ID@ and @APP_SECRET@ that must be set in "Setting up Omniauth in the API server.":install-api-server.html#omniauth

~/sso-devise-omniauth-provider$ ruby -rsecurerandom -e 'puts SecureRandom.random_number(2**400).to_s(36)'
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails console
:001 > c = Client.new
:002 > c.name = "joshid"
:003 > c.app_id = "arvados-server"
:004 > c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
:005 > c.save!
:006 > quit
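
A pre-start check for the two secrets configured above (@config.secret_token@ and the client's @app_secret@), added here as an example and not part of the SSO server's code: it flags values left as the placeholder runs printed in this guide and generates replacements from the operating system's CSPRNG. The helper names, the 30-character floor and the sample text are assumptions.

```ruby
require 'securerandom'

# Assumption: Rails of this generation rejects a secret_token under 30 characters.
MIN_SECRET_LENGTH = 30

# Same size and encoding as the guide's one-liner (a number below 2**400 in
# base 36, about 77 characters), drawn from the OS CSPRNG.
def generate_secret
  SecureRandom.random_number(2**400).to_s(36)
end

# Pull string values assigned to secret_token / app_secret out of Ruby source.
# Assumption: the value is a single quoted literal on the assignment line.
def extract_secrets(source)
  source.scan(/\b(secret_token|app_secret)\s*=\s*(['"])(.*?)\2/)
        .map { |name, _quote, value| [name, value] }
end

# Return the reasons a secret is unfit for production (empty list = acceptable).
def secret_problems(value)
  problems = []
  problems << 'shorter than 30 characters' if value.length < MIN_SECRET_LENGTH
  if value.squeeze.length <= 1
    problems << 'placeholder (one repeated character)'
  elsif value.chars.uniq.length < 10
    problems << 'fewer than 10 distinct characters'
  end
  problems
end

# Map each secret's name to its problems; the values themselves are never printed.
def audit(source)
  extract_secrets(source).map { |name, value| [name, secret_problems(value)] }.to_h
end

# Constructed sample: configuration text still carrying the guide's placeholders.
SAMPLE = <<~RUBY
  config.secret_token = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
  c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
RUBY

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE).each { |name, probs| puts "#{name}: #{probs.empty? ? 'ok' : probs.join('; ')}" }
end
```
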

h2(#manual-accounts). Adding user accounts manually

Instead of relying on an upstream authentication provider such as Google, you can create accounts on the SSO server manually.

~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails console
:001 > user = User.new(:email => "test@example.com")
:002 > user.password = "passw0rd"
:003 > user.save!
:004 > quit

To log in using a manually created account:

# Go to https://auth.your.domain/users/sign_in
# Enter the email address and password and click on "Sign in"
# You will arrive at a page "You are now signed in as test@example.com"
# Go to https://workbench.@uuid_prefix@.your.domain/
# Click on the Workbench "Log in" button.
# You should now be logged in to Workbench. Confirm by looking for the email address displayed in the upper right.

h2. Start the SSO server

h3. Run a simple standalone server

You can use the WEBrick server that is bundled with Ruby to quickly verify that your installation is functioning:

~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails server

h3. Production environment

As a Ruby on Rails application, the SSO server should be compatible with any Ruby application server that supports Rack applications. We recommend "Passenger":https://www.phusionpassenger.com/ to run the SSO server in production.