[ARVADOS] updated: 5a477e71cb61c2e560e699881ac6a1d5a2fab602

git at public.curoverse.com git at public.curoverse.com
Fri Nov 21 13:14:38 EST 2014


Summary of changes:
 doc/install/install-api-server.html.textile.liquid | 24 ++++++---------
 doc/install/install-sso.html.textile.liquid        | 35 ++++++++++++++++++++--
 2 files changed, 41 insertions(+), 18 deletions(-)

       via  5a477e71cb61c2e560e699881ac6a1d5a2fab602 (commit)
      from  c70fde67e6f6937dd63889da4df185003ce44e60 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 5a477e71cb61c2e560e699881ac6a1d5a2fab602
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date:   Fri Nov 21 13:15:17 2014 -0500

    4570: Update documentation on configuring SSO server and configuring API server
    to use SSO server.

diff --git a/doc/install/install-api-server.html.textile.liquid b/doc/install/install-api-server.html.textile.liquid
index 6440a54..a925def 100644
--- a/doc/install/install-api-server.html.textile.liquid
+++ b/doc/install/install-api-server.html.textile.liquid
@@ -89,7 +89,7 @@ If you want access control on your "Keepstore":install-keepstore.html server(s),
 
 h3. workbench_address
 
-Fill in the url of your workbench application in in @workbench_address@, for example 
+Fill in the url of your workbench application in in @workbench_address@, for example
 
   https://workbench.@prefix_uuid@.your.domain
 
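Review bot: The `workbench_address` line touched here still reads "in in @workbench_address@" after the change; since the hunk only strips trailing whitespace from that line, fix the doubled word in the same edit (and consider "URL" for "url").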
@@ -146,7 +146,7 @@ You can safely ignore the following error message you may see when loading the d
 <pre><code>ERROR:  must be owner of extension plpgsql</code></pre></notextile>
 </div>
 
-h2. Set up omniauth
+h2(#omniauth). Set up omniauth
 
 First copy the omniauth configuration file:
 
@@ -154,20 +154,14 @@ First copy the omniauth configuration file:
 <pre><code>~/arvados/services/api$ <span class="userinput">cp -i config/initializers/omniauth.rb.example config/initializers/omniauth.rb
 </code></pre></notextile>
 
-Edit @config/initializers/omniauth.rb@, and tell your api server to use the Curoverse SSO server for authentication. Use the @APP_SECRET@ specified in the snippet below.
+Edit @config/initializers/omniauth.rb@ to configure the SSO server for authentication.  @APP_ID@ and @APP_SECRET@ correspond to the @app_id@ and @app_secret@ set in "Create arvados-server client for Single Sign On (SSO)":install-sso.html#client and @CUSTOM_PROVIDER_URL@ is the endpoint to connect to your SSO server.
 
 <notextile>
-<pre><code>APP_ID = 'local_docker_installation'
-APP_SECRET = 'yohbai4eecohshoo1Yoot7tea9zoca9Eiz3Tajahweo9eePaeshaegh9meiye2ph'
-CUSTOM_PROVIDER_URL = 'https://auth.curoverse.com'
-</code></pre></notextile>
-</pre>
-
-<div class="alert alert-block alert-info">
-  <button type="button" class="close" data-dismiss="alert">×</button>
-  <h4>Note!</h4>
-  <p>You can also run your own SSO server. However, the SSO server codebase currently uses OpenID 2.0 to talk to Google's authentication service. Google <a href="https://developers.google.com/accounts/docs/OpenID2">has deprecated that protocol</a>. This means that new clients will not be allowed to talk to Google's authentication services anymore over OpenID 2.0, and they will phase out the use of OpenID 2.0 completely in the coming monts. We are working on upgrading the SSO server codebase to a newer protocol. That work should be complete by the end of November 2014. In the mean time, anyone is free to use the existing Curoverse SSO server for any local Arvados installation.</p>
-</div>
+<pre><code>APP_ID = 'arvados-server'
+APP_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+CUSTOM_PROVIDER_URL = 'https://sso.example.com/'
+</code></pre>
+</notextile>
 
 h2. Start the API server
 
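Review bot: In the rewritten omniauth paragraph, nothing tells sites that followed the previous instructions to stop using the published `APP_ID = 'local_docker_installation'` and `APP_SECRET` values this hunk removes. Those values were printed in public documentation, so add a sentence saying existing installations should create their own client record on their SSO server and replace both settings. Since `config/initializers/omniauth.rb` now holds a site-specific secret, it would also help to say the file should stay out of version control and be readable only by the account that runs the API server.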
@@ -181,7 +175,7 @@ If you plan to run in development mode, you can now run the development server t
 
 h3. Production environment
 
-We recommend "Passenger":https://www.phusionpassenger.com/ to run the API server in production. 
+We recommend "Passenger":https://www.phusionpassenger.com/ to run the API server in production.
 
 Point it to the services/api directory in the source tree.
 
diff --git a/doc/install/install-sso.html.textile.liquid b/doc/install/install-sso.html.textile.liquid
index 9cf4c4f..4222ea6 100644
--- a/doc/install/install-sso.html.textile.liquid
+++ b/doc/install/install-sso.html.textile.liquid
@@ -4,14 +4,14 @@ navsection: installguide
 title: Install Single Sign On (SSO) server
 ...
 
-{% include 'skip_sso_server_install' %}
-
 h2(#dependencies). Install dependencies
 
 Make sure you have "Ruby and bundler":install-manual-prerequisites-ruby.html installed.
 
 h2(#install). Install SSO server
 
+h3. Get SSO server code and create database
+
 <notextile>
 <pre><code>~$ <span class="userinput">cd $HOME</span> # (or wherever you want to install)
 ~$ <span class="userinput">git clone https://github.com/curoverse/sso-devise-omniauth-provider.git</span>
@@ -19,7 +19,37 @@ h2(#install). Install SSO server
 ~/sso-devise-omniauth-provider$ <span class="userinput">bundle install</span>
 ~/sso-devise-omniauth-provider$ <span class="userinput">rake db:create</span>
 ~/sso-devise-omniauth-provider$ <span class="userinput">rake db:migrate</span>
+</code></pre>
+</notextile>
+
+h3. Configure Rails secret
+
+Create a secret:
+
+<notextile>
+<pre><code>~/sso-devise-omniauth-provider$ <span class="userinput">cp -i config/initializers/secret_token.rb.example config/initializers/secret_token.rb</span>
 ~/sso-devise-omniauth-provider$ <span class="userinput">rake secret</span>
+zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
+</code></pre>
+</notextile>
+
+Edit @config/initializers/secret_token.rb@ to set @config.secret_token@ to the string produced by @rake secret at .
+
+h3. Configure upstream authentication provider
+
+<notextile>
+<pre><code>~/sso-devise-omniauth-provider$ <span class="userinput">cp -i config/environment.rb.example config/environment.rb</span>
+</code></pre>
+</notextile>
+
+Edit @config/environment.rb@ to set @config.google_client_id@ and @config.google_client_secret at .  See "Omniauth Google OAuth2 gem documentation":https://github.com/zquestz/omniauth-google-oauth2 and "Using OAuth 2.0 to Access Google APIs":https://developers.google.com/accounts/docs/OAuth2 for information about using the "Google Developers Console":https://console.developers.google.com to get a Google client id and client secret.
+
+h3(#client). Create arvados-server client
+
+Use @rails console@ to create a @Client@ record that will be used by the Arvados API server.  The values of @app_id@ and @app_secret@ correspond to the @APP_ID@ and @APP_SECRET@ that must be set in in "Setting up Omniauth in the API server.":install-api-server.html#omniauth
+
+<notextile>
+<pre><code>~/sso-devise-omniauth-provider$ <span class="userinput">rake secret</span>
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 ~/sso-devise-omniauth-provider$ <span class="userinput">rails console</span>
 irb(main):001:0> <span class="userinput">c = Client.new</span>
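Review bot: The added "Configure Rails secret" and "Create arvados-server client" sections each run `rake secret` (output shown as zzz… and xxx…), but the text never says these must be two separate values. State explicitly that the string placed in `config.secret_token` must not be reused as the client's `app_secret`, since the latter is copied to the API server's configuration and the former should never leave the SSO host. The same sections copy `secret_token.rb` and `environment.rb` from `.example` files and fill them with secrets (including `config.google_client_secret`), so a note about keeping them out of version control and restricting file permissions belongs here. The added "Create arvados-server client" paragraph also has a doubled word: "must be set in in".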
@@ -28,6 +58,5 @@ irb(main):003:0> <span class="userinput">c.app_id = "arvados-server"</span>
 irb(main):004:0> <span class="userinput">c.app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"</span>
 irb(main):005:0> <span class="userinput">c.save!</span>
 irb(main):006:0> <span class="userinput">quit</span>
-~/sso-devise-omniauth-provider$ <span class="userinput">rails server --port=3002</span>
 </code></pre>
 </notextile>
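Review bot: With the `rails server --port=3002` line removed at the end of this block, the visible parts of the page no longer say how to start the SSO server, while the API server page in this same commit now points `CUSTOM_PROVIDER_URL` at 'https://sso.example.com/'. Add a short section on running the SSO server behind HTTPS (the API server page recommends Passenger for production) so the reader can get from the client record to a reachable endpoint, and so nobody falls back to serving the login flow over plain HTTP on a development port.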

-----------------------------------------------------------------------


hooks/post-receive
-- 



