navsection: installguide
title: Install the Single Sign On (SSO) server
...
+{% comment %}
+Copyright (C) The Arvados Authors. All rights reserved.
+
+SPDX-License-Identifier: CC-BY-SA-3.0
+{% endcomment %}
h2(#dependencies). Install prerequisites
h3(#install_ruby_and_bundler). Install Ruby and Bundler
-{% include 'install_ruby_and_bundler' %}
+{% include 'install_ruby_and_bundler_sso' %}
h3(#install_web_server). Set up a Web server
h2(#database). Set up the database
-If PostgreSQL was newly installed as a dependency of the @arvados-sso-server@ package, you will need to start the service.
-
-On a Debian-based system:
-
-<notextile>
-<pre><code>~$ <span class="userinput">sudo service postgresql start</span>
-</code></pre>
-</notextile>
-
-On a Red Hat-based system, we also need to initialize the database system:
-
-<notextile>
-<pre><code>~$ <span class="userinput">sudo service postgresql initdb</span>
-~$ <span class="userinput">sudo service postgresql start</span>
-</code></pre>
-</notextile>
-
-{% assign pg_service = "postgresql" %}
-{% assign pg_hba_path = "/var/lib/pgsql/data/pg_hba.conf" %}
-{% include 'install_redhat_postgres_auth' %}
-
-Next, generate a new database password. Nobody ever needs to memorize it or type it, so make a strong one:
-
-<notextile>
-<pre><code>~$ <span class="userinput">ruby -e 'puts rand(2**128).to_s(36)'</span>
-abcdefghijklmnopqrstuvwxyz012345689
-</code></pre></notextile>
-
-Configure the SSO server to connect to your database by updating @/etc/arvados/sso/database.yml@. Replace the @xxxxxxxx@ database password placeholder with the new password you generated above. Be sure to update the @production@ section.
+Configure the SSO server to connect to your database by updating @/etc/arvados/sso/database.yml@. Replace the @xxxxxxxx@ database password placeholder with the "password you generated during database setup":install-postgresql.html#sso. Be sure to update the @production@ section.
<notextile>
<pre><code>~$ <span class="userinput">editor /etc/arvados/sso/database.yml</span>
</code></pre></notextile>
-Create a new database user with permission to create its own databases.
-
-<notextile>
-<pre><code>~$ <span class="userinput">sudo -u postgres createuser --createdb --encrypted -R -S --pwprompt arvados_sso</span>
-Enter password for new role: <span class="userinput">paste-database-password-you-generated</span>
-Enter it again: <span class="userinput">paste-database-password-you-generated</span>
-</code></pre></notextile>
-
-Rails will take care of creating the database, based on the information from @/etc/arvados/sso/database.yml@.
-
-Alternatively, if the database user you intend to use for the SSO server should not be allowed to create new databases, the user and the database can be created like this:
-
-<notextile>
-<pre><code>~$ <span class="userinput">sudo -u postgres createuser --encrypted -R -S --pwprompt arvados_sso</span>
-Enter password for new role: <span class="userinput">paste-database-password-you-generated</span>
-Enter it again: <span class="userinput">paste-database-password-you-generated</span>
-~$ <span class="userinput">sudo -u postgres createdb arvados_sso_production -E UTF8 -O arvados_sso -T template0</span>
-</code></pre></notextile>
-
h2(#reconfigure_package). Reconfigure the package
{% assign railspkg = "arvados-sso-server" %}
# If the authorization origins are not displayed, clicking on *Create Client ID* will take you to *Consent screen* settings.
## On consent screen settings, enter the appropriate details and click on *Save*.
## This will return you to the *Create Client ID* dialog box.
-# You must set the authorization origins. Edit @sso.your-site.com@ to the appropriate hostname that you will use to access the SSO service:
-## JavaScript origin should be @https://sso.your-site.com/@
-## Redirect URI should be @https://sso.your-site.com/users/auth/google_oauth2/callback@
+# You must set the authorization origins. Edit @auth.your.domain@ to the appropriate hostname that you will use to access the SSO service:
+## JavaScript origin should be @https://auth.your.domain/@
+## Redirect URI should be @https://auth.your.domain/users/auth/google_oauth2/callback@
# Copy the values of *Client ID* and *Client secret* from the Google Developers Console into the Google section of @config/application.yml@, like this:
<notextile>
projects / arvados.git / blobdiff