X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7a98271d94163cdc4afa5bfcf275db353bc062d2..a32c4f9997a0c8941b62668c5e59941985359c05:/doc/install/install-sso.html.textile.liquid
diff --git a/doc/install/install-sso.html.textile.liquid b/doc/install/install-sso.html.textile.liquid
index f220ef6d36..f272d857a7 100644
--- a/doc/install/install-sso.html.textile.liquid
+++ b/doc/install/install-sso.html.textile.liquid
@@ -4,21 +4,74 @@ navsection: installguide
title: Install Single Sign On (SSO) server
...
+h2(#dependencies). Install dependencies
+
+Make sure you have "Ruby and Bundler":install-manual-prerequisites-ruby.html installed.
+
+h2(#install). Install SSO server
+
+h3. Get SSO server code and create database
+
-~$ git clone https://github.com/curoverse/sso-devise-omniauth-provider.git
+~$ cd $HOME # (or wherever you want to install)
+~$ git clone https://github.com/curoverse/sso-devise-omniauth-provider.git
~$ cd sso-devise-omniauth-provider
~/sso-devise-omniauth-provider$ bundle install
-~/sso-devise-omniauth-provider$ rake db:create
-~/sso-devise-omniauth-provider$ rake db:migrate
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:create
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:migrate
+
+
+
+h3. Configure Rails secret
+
+Create a secret:
+
+
+~/sso-devise-omniauth-provider$ cp -i config/initializers/secret_token.rb.example config/initializers/secret_token.rb
~/sso-devise-omniauth-provider$ rake secret
+zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
+
+
+
+Edit @config/initializers/secret_token.rb@ to set @config.secret_token@ to the string produced by @rake secret@.
+
+h3. Configure upstream authentication provider
+
+
+~/sso-devise-omniauth-provider$ cp -i config/environments/production.rb.example config/environments/production.rb
+
+
+
+Edit @config/environments/production.rb@ to set @config.google_oauth2_client_id@ and @config.google_oauth2_client_secret@. See "Omniauth Google OAuth2 gem documentation":https://github.com/zquestz/omniauth-google-oauth2 and "Using OAuth 2.0 to Access Google APIs":https://developers.google.com/accounts/docs/OAuth2 for information about using the "Google Developers Console":https://console.developers.google.com to get a Google client id and client secret.
+
+h3(#client). Create arvados-server client
+
+Use @rails console@ to create a @Client@ record that will be used by the Arvados API server. The values of @app_id@ and @app_secret@ correspond to the @APP_ID@ and @APP_SECRET@ that must be set in in "Setting up Omniauth in the API server.":install-api-server.html#omniauth
+
+
+~/sso-devise-omniauth-provider$ rake secret
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-~/sso-devise-omniauth-provider$ rails console
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails console
irb(main):001:0> c = Client.new
irb(main):002:0> c.name = "joshid"
irb(main):003:0> c.app_id = "arvados-server"
irb(main):004:0> c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
irb(main):005:0> c.save!
irb(main):006:0> quit
-~/sso-devise-omniauth-provider$ rails server --port=3002
+
+h2. Start the SSO server
+
+h3. Run a simple standalone server
+
+You can use the Webrick server that is bundled with Ruby to quickly verify that your installation is functioning:
+
+
+~/arvados/services/api$ RAILS_ENV=production bundle exec rails server
+
+
+
+h3. Production environment
+
+As a Ruby on Rails application, the SSO server should be compatible with any Ruby application server that supports Rack applications. We recommend "Passenger":https://www.phusionpassenger.com/ to run the SSO server in production.