X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/4799a403b984cefe2d1bc1a70374ed6b4b0c64fd..7d5d40c55d2a38b12e810f3b9d3e168ee434cbd2:/doc/install/install-sso.html.textile.liquid
diff --git a/doc/install/install-sso.html.textile.liquid b/doc/install/install-sso.html.textile.liquid
index eebfec5032..3efe124ca2 100644
--- a/doc/install/install-sso.html.textile.liquid
+++ b/doc/install/install-sso.html.textile.liquid
@@ -6,21 +6,24 @@ title: Install Single Sign On (SSO) server
h2(#dependencies). Install dependencies
-Make sure you have "Ruby and Bundler":install-manual-prerequisites-ruby.html installed.
+h3(#install_ruby_and_bundler). Install Ruby and Bundler
+
+{% include 'install_ruby_and_bundler' %}
+
+h3(#install_postgres). Install PostgreSQL
+
+{% include 'install_postgres' %}
h2(#install). Install SSO server
-h3. Get SSO server code and create database
+h3. Get SSO server code and run bundle
-~$ cd $HOME # (or wherever you want to install)
~$ git clone https://github.com/curoverse/sso-devise-omniauth-provider.git
~$ cd sso-devise-omniauth-provider
-~/sso-devise-omniauth-provider$ bundle install
-~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:create
-~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:migrate
-
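Review bot: The new heading "Get SSO server code and run bundle" promises a bundle step, but this hunk removes the `bundle install` line together with the `db:create` and `db:migrate` lines, and no added line here runs it. If the command is meant to stay under this heading, restore it after the `cd sso-devise-omniauth-provider` line; otherwise rename the heading to match what the section does. Since this is the login service for the whole installation, the `git clone` step would also be better followed by a checkout of a specific release tag or commit, so an install does not pick up whatever the default branch holds that day.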
+* Enable the Contacts and Google+ APIs. +* Create an OAuth Client ID for a web application. +** JavaScript origins: @https://sso.example.com/@ +** Redirect URIs: @https://sso.example.com/auth/google_oauth2/callback@ + +Copy the "Client ID" and "Client secret" values from the Google Developers Console into the Google section of @config/application.yml@, like this: + +-h3(#ldap). ldap authentication +h3(#ldap). LDAP authentication LDAP authentication can be configured with these options. Make sure to preserve the indentation of the fields beyond @use_ldap@. @@ -95,7 +105,7 @@ LDAP authentication can be configured with these options. Make sure to preserve use_ldap: false -h3(#local_accounts). local account authentication +h3(#local_accounts). Local account authentication If neither Google OAuth2 nor LDAP are enabled, the SSO server automatically falls back to local accounts. There are two configuration options for local @@ -122,6 +132,53 @@ You can also create local accounts on the SSO server from the rails console: +h2. Set up the database + +Generate a new database password. Nobody ever needs to memorize it or type it, so make a strong one: + ++ + google_openid_realm: false# Google API tokens required for OAuth2 login. # # See https://github.com/zquestz/omniauth-google-oauth2 # # and https://developers.google.com/accounts/docs/OAuth2 - google_oauth2_client_id: false - google_oauth2_client_secret: false + google_oauth2_client_id: "---YOUR---CLIENT---ID---HERE---" + google_oauth2_client_secret: "---YOUR---CLIENT---SECRET---HERE---" # Set this to your OpenId 2.0 realm to enable migration from Google OpenId # 2.0 to Google OAuth2 OpenId Connect (Google will provide OpenId 2.0 user # identifiers via the openid.realm parameter in the OAuth2 flow until 2017). - google_openid_realm: false -
~/sso-devise-omniauth-provider$ ruby -e 'puts rand(2**128).to_s(36)'
+abcdefghijklmnopqrstuvwxyz012345689
+
~/sso-devise-omniauth-provider$ sudo -u postgres createuser --createdb --encrypted -R -S --pwprompt arvados_sso
+Enter password for new role: paste-database-password-you-generated
+Enter it again: paste-database-password-you-generated
+
~/sso-devise-omniauth-provider$ cp -i config/database.yml.sample config/database.yml
+~/sso-devise-omniauth-provider$ edit config/database.yml
+
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:setup
+
~/sso-devise-omniauth-provider$ su postgres createdb arvados_sso_production -E UTF8 -O arvados_sso
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:schema:load
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:seed
+
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake assets:precompile
+
+~/arvados/services/api$ RAILS_ENV=production bundle exec rails server
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails server
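Review bot: In the Google OAuth2 hunk, the added sentence that tells readers to copy the "Client ID" and "Client secret" values into @config/application.yml@ says nothing about protecting that file once it holds a live secret. Add a line stating that it should be readable only by the account that runs the SSO server and must not be committed to version control. The example values `"---YOUR---CLIENT---ID---HERE---"` and `"---YOUR---CLIENT---SECRET---HERE---"` are clear as placeholders, so no change is needed there.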
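Review bot: The password step in the "Set up the database" hunk uses `ruby -e 'puts rand(2**128).to_s(36)'`, and `Kernel#rand` is a Mersenne Twister generator, not a cryptographic one. Suggest `ruby -rsecurerandom -e 'puts SecureRandom.random_number(2**128).to_s(36)'` so the text's "make a strong one" holds. The sample output under it is 35 characters, while a 128-bit value in base 36 is at most 25, so shorten it to match what the command prints. Further down, `su postgres createdb arvados_sso_production -E UTF8 -O arvados_sso` is inconsistent with the `sudo -u postgres createuser` form used earlier in the same hunk, and `su` passes `createdb` and its options to the postgres user's shell as arguments instead of running it as a command; use `sudo -u postgres createdb` there. The `~/arvados/services/api$` prompt on the first `rails server` line also looks copied from the API server page and should read `~/sso-devise-omniauth-provider$`.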