X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/675794872a5d064cf0a8177d662555c04b0dae51..415ecc439212c2a670b1df05c3e8b1a90245243e:/doc/install/install-sso.html.textile.liquid
diff --git a/doc/install/install-sso.html.textile.liquid b/doc/install/install-sso.html.textile.liquid
index 2f2ba5151b..3efe124ca2 100644
--- a/doc/install/install-sso.html.textile.liquid
+++ b/doc/install/install-sso.html.textile.liquid
@@ -4,22 +4,209 @@ navsection: installguide
title: Install Single Sign On (SSO) server
...
+h2(#dependencies). Install dependencies
+
+h3(#install_ruby_and_bundler). Install Ruby and Bundler
+
+{% include 'install_ruby_and_bundler' %}
+
+h3(#install_postgres). Install PostgreSQL
+
+{% include 'install_postgres' %}
+
+h2(#install). Install SSO server
+
+h3. Get SSO server code and run bundle
+
~$ cd $HOME # (or wherever you want to install)
~$ git clone https://github.com/curoverse/sso-devise-omniauth-provider.git
~$ cd sso-devise-omniauth-provider
-~/sso-devise-omniauth-provider$ bundle install
-~/sso-devise-omniauth-provider$ rake db:create
-~/sso-devise-omniauth-provider$ rake db:migrate
-~/sso-devise-omniauth-provider$ rake secret
+~/sso-devise-omniauth-provider$ bundle
+
~/sso-devise-omniauth-provider$ cp -i config/application.yml.example config/application.yml
+
~/sso-devise-omniauth-provider$ ruby -e 'puts rand(2**400).to_s(36)'
+zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
+
+ # Google API tokens required for OAuth2 login.
+ #
+ # See https://github.com/zquestz/omniauth-google-oauth2
+ #
+ # and https://developers.google.com/accounts/docs/OAuth2
+ google_oauth2_client_id: "---YOUR---CLIENT---ID---HERE---"
+ google_oauth2_client_secret: "---YOUR---CLIENT---SECRET---HERE---"
+
+ # Set this to your OpenId 2.0 realm to enable migration from Google OpenId
+ # 2.0 to Google OAuth2 OpenId Connect (Google will provide OpenId 2.0 user
+ # identifiers via the openid.realm parameter in the OAuth2 flow until 2017).
+ google_openid_realm: false
+ # Enable LDAP support. + # + # If you want to use LDAP, you need to provide + # the following set of fields under the use_ldap key. + # + # use_ldap: false + # title: Example LDAP + # host: ldap.example.com + # port: 636 + # method: ssl + # base: "ou=Users, dc=example, dc=com" + # uid: uid + # email_domain: example.com + # #bind_dn: "some_user" + # #password: "some_password" + use_ldap: false ++ +h3(#local_accounts). Local account authentication + +If neither Google OAuth2 nor LDAP are enabled, the SSO server automatically +falls back to local accounts. There are two configuration options for local +accounts: + +
+ # If true, allow new creation of new accounts in the SSO server's internal + # user database. + allow_account_registration: false + + # If true, send an email confirmation before activating new accounts in the + # SSO server's internal user database. + require_email_confirmation: false ++ +You can also create local accounts on the SSO server from the rails console: + +
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails console
+:001 > user = User.new(:email => "test@example.com")
+:002 > user.password = "passw0rd"
+:003 > user.save!
+:004 > quit
+
+~/sso-devise-omniauth-provider$ ruby -e 'puts rand(2**128).to_s(36)'
+abcdefghijklmnopqrstuvwxyz012345689
+
~/sso-devise-omniauth-provider$ sudo -u postgres createuser --createdb --encrypted -R -S --pwprompt arvados_sso
+Enter password for new role: paste-database-password-you-generated
+Enter it again: paste-database-password-you-generated
+
~/sso-devise-omniauth-provider$ cp -i config/database.yml.sample config/database.yml
+~/sso-devise-omniauth-provider$ edit config/database.yml
+
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:setup
+
~/sso-devise-omniauth-provider$ su postgres createdb arvados_sso_production -E UTF8 -O arvados_sso
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:schema:load
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:seed
+
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake assets:precompile
+
+~/sso-devise-omniauth-provider$ ruby -e 'puts rand(2**400).to_s(36)'
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-~/sso-devise-omniauth-provider$ rails console
-irb(main):001:0> c = Client.new
-irb(main):002:0> c.name = "joshid"
-irb(main):003:0> c.app_id = "arvados-server"
-irb(main):004:0> c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-irb(main):005:0> c.save!
-irb(main):006:0> quit
-~/sso-devise-omniauth-provider$ rails server --port=3002
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails console
+:001 > c = Client.new
+:002 > c.name = "joshid"
+:003 > c.app_id = "arvados-server"
+:004 > c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+:005 > c.save!
+:006 > quit
~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails server
+
+
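Review bot: The `ruby -e 'puts rand(2**400).to_s(36)'` and `ruby -e 'puts rand(2**128).to_s(36)'` commands in this hunk generate long-lived secrets from `Kernel#rand`, which is Ruby's Mersenne Twister generator and not a cryptographically secure source. The visible lines show these values being used as the PostgreSQL password and as the client `app_secret`; the first one appears to feed `config/application.yml`. The guide should draw them from the OS CSPRNG instead, e.g. `ruby -rsecurerandom -e 'puts SecureRandom.hex(64)'`, which is what the removed `rake secret` step did. Separately, the console example `user.password = "passw0rd"` would be safer as an obvious placeholder, so a guessable password is not pasted into a production SSO database.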