X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ec33dfc2c78909afccaac09f80a98194a7e3a787..5b970a6c9505527e146e73cb4756a64ecc1679cd:/doc/install/install-sso.html.textile.liquid
diff --git a/doc/install/install-sso.html.textile.liquid b/doc/install/install-sso.html.textile.liquid
index 646cb3bfe2..b0ad8b4253 100644
--- a/doc/install/install-sso.html.textile.liquid
+++ b/doc/install/install-sso.html.textile.liquid
@@ -6,7 +6,7 @@ title: Install Single Sign On (SSO) server
h2(#dependencies). Install dependencies
-Make sure you have "Ruby and bundler":install-manual-prerequisites-ruby.html installed.
+Make sure you have "Ruby and Bundler":install-manual-prerequisites-ruby.html installed.
h2(#install). Install SSO server
@@ -17,8 +17,8 @@ h3. Get SSO server code and create database
~$ git clone https://github.com/curoverse/sso-devise-omniauth-provider.git
~$ cd sso-devise-omniauth-provider
~/sso-devise-omniauth-provider$ bundle install
-~/sso-devise-omniauth-provider$ rake db:create
-~/sso-devise-omniauth-provider$ rake db:migrate
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:create
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rake db:migrate
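Review bot: The two added `RAILS_ENV=production bundle exec rake db:create` / `db:migrate` lines follow directly after `bundle install`, and nothing visible in this hunk tells the reader to set up production database settings first. If that is not covered earlier in the file, add a step before `db:create` saying which database configuration file to edit and that its production credentials should be unique to this install, so that the command does not fail or run against defaults.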
@@ -28,50 +28,74 @@ Create a secret:
~/sso-devise-omniauth-provider$ cp -i config/initializers/secret_token.rb.example config/initializers/secret_token.rb
-~/sso-devise-omniauth-provider$ rake secret
+~/sso-devise-omniauth-provider$ ruby -e 'puts rand(2**400).to_s(36)'
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-Edit @config/initializers/secret_token.rb@ to set @config.secret_token@ to the string produced by @rake secret@.
+Edit @config/initializers/secret_token.rb@ to set @config.secret_token@ to the string produced by @rand@ above.
h3. Configure upstream authentication provider
+This will enable users to log in using their existing Google accounts. If you don't want to use Google for account services, you can also "add accounts manually.":#manual-accounts
+
-~/sso-devise-omniauth-provider$ cp -i config/environment.rb.example config/environment.rb
+~/sso-devise-omniauth-provider$ cp -i config/environments/production.rb.example config/environments/production.rb
-Edit @config/environment.rb@ to set @config.google_client_id@ and @config.google_client_secret@. See "Omniauth Google OAuth2 gem documentation":https://github.com/zquestz/omniauth-google-oauth2 and "Using OAuth 2.0 to Access Google APIs":https://developers.google.com/accounts/docs/OAuth2 for information about using the "Google Developers Console":https://console.developers.google.com to get a Google client id and client secret.
+Edit @config/environments/production.rb@ to set @config.google_oauth2_client_id@ and @config.google_oauth2_client_secret@. See "Omniauth Google OAuth2 gem documentation":https://github.com/zquestz/omniauth-google-oauth2 and "Using OAuth 2.0 to Access Google APIs":https://developers.google.com/accounts/docs/OAuth2 for information about using the "Google Developers Console":https://console.developers.google.com to get a Google client id and client secret.
h3(#client). Create arvados-server client
Use @rails console@ to create a @Client@ record that will be used by the Arvados API server. The values of @app_id@ and @app_secret@ correspond to the @APP_ID@ and @APP_SECRET@ that must be set in in "Setting up Omniauth in the API server.":install-api-server.html#omniauth
-~/sso-devise-omniauth-provider$ rake secret
+~/sso-devise-omniauth-provider$ ruby -e 'puts rand(2**400).to_s(36)'
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-~/sso-devise-omniauth-provider$ rails console
-irb(main):001:0> c = Client.new
-irb(main):002:0> c.name = "joshid"
-irb(main):003:0> c.app_id = "arvados-server"
-irb(main):004:0> c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-irb(main):005:0> c.save!
-irb(main):006:0> quit
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails console
+:001 > c = Client.new
+:002 > c.name = "joshid"
+:003 > c.app_id = "arvados-server"
+:004 > c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+:005 > c.save!
+:006 > quit
+h2(#manual-accounts). Adding user accounts manually
+
+Instead of relying on an upstream authentication such as Google, you can create accounts on the SSO server manually.
+
+
+~/sso-devise-omniauth-provider$ RAILS_ENV=production bundle exec rails console
+:001 > user = User.new(:email => "test@example.com")
+:002 > user.password = "passw0rd"
+:003 > user.save!
+:004 > quit
+
+
+
+To log in using a manually created account:
+
+# Go to https://auth.your.domain/users/sign_in
+# Enter the email address and password and click on "Sign in"
+# You will arrive at a page "You are now signed in as test@example.com"
+# Go to https://workbench.@uuid_prefix@.your.domain/
+# Click on the Workbench "Log in" button.
+# You should now be logged in to Workbench. Confirm by looking for the email address displayed in the upper right.
+
h2. Start the SSO server
-h3. Development environment
+h3. Run a simple standalone server
-To run in development mode, you can now run the development server this way:
+You can use the Webrick server that is bundled with Ruby to quickly verify that your installation is functioning:
-~/arvados/services/api$ bundle exec rails server
+~/arvados/services/api$ RAILS_ENV=production bundle exec rails server
h3. Production environment
-As a Ruby on Rails application, the SSO server should be compatible with any Ruby application server that supports Rack applications.
+As a Ruby on Rails application, the SSO server should be compatible with any Ruby application server that supports Rack applications. We recommend "Passenger":https://www.phusionpassenger.com/ to run the SSO server in production.
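Review bot: Both added `ruby -e 'puts rand(2**400).to_s(36)'` lines (one for `config.secret_token`, one for the client `app_secret`) generate secrets with Kernel#rand, which is backed by a Mersenne Twister generator and is not intended for secret material, whereas the `rake secret` call being removed draws from SecureRandom. Suggest `ruby -rsecurerandom -e 'puts SecureRandom.random_number(2**400).to_s(36)'` in both places, with the sentence "the string produced by @rand@ above" reworded to match. In the new manual-accounts section, `user.password = "passw0rd"` invites copy-paste of a guessable password into a production SSO database; use an obvious placeholder there and tell the reader to choose their own value. The standalone-server command keeps the `~/arvados/services/api$` prompt although every other command in this file runs from `~/sso-devise-omniauth-provider`, and the new wording drops the old "development" label while running WEBrick (spelled "Webrick" here) with `RAILS_ENV=production`, so a sentence stating that this server is only for verifying the install and that sign-in traffic needs TLS in front of it would help.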