g10f/sso

Repository files navigation

SSO

SSO is an OpenID Connect Identity Provider with user and organisation management. The user and organisation data are exposed via a JSONLD/Hydra API. The API entry point is /api/

Run locally

manage.py runserver

With SSL, add the following to your settings (the port in SSO_DOMAIN must match the port passed to runserver_plus):

INSTALLED_APPS = INSTALLED_APPS + ['django_extensions']
SSO_USE_HTTPS = True
SSO_DOMAIN = "localhost:8443"

and start the server with:

manage.py runserver_plus localhost:8443 --cert-file ../temp/cert

Start a docker container

Run

docker-compose up

or deploy to Kubernetes with the helm chart described below.

Kubernetes with helm chart

Helm must be installed to use the charts. Please refer to Helm documentation to get started.

Once Helm has been set up correctly, add the repo as follows:

helm repo add g10f https://g10f.github.io/helm-charts

If you had already added this repo earlier, run helm repo update to retrieve the latest versions of the packages.

To install the sso chart:

helm install my-sso g10f/sso

To uninstall the chart:

helm delete my-sso

Prepare a development environment

  1. Get Python >= 3.8
  2. Create a virtualenv for sso: python3 -m venv venv
  3. Activate the virtual environment: source venv/bin/activate
  4. Update the Python package manager: pip install -U pip
  5. Install the sso requirements in the virtualenv: pip install -r requirements.txt
  6. Install PostgreSQL: sudo apt install postgresql
  7. Install PostGIS: sudo apt install postgis
  8. Enable the citext extension in the template1 database: sudo -u postgres psql -c "CREATE EXTENSION IF NOT EXISTS citext;" template1
  9. Enable the postgis extension in the template1 database: sudo -u postgres psql -c "CREATE EXTENSION IF NOT EXISTS postgis;" template1
  10. Create the sso database user: sudo -u postgres psql -c "CREATE USER sso CREATEDB PASSWORD 'sso'"
  11. Create the empty sso database: sudo -u postgres psql -c 'CREATE DATABASE sso OWNER sso'
  12. Create the database tables: ./manage.py migrate
  13. Create a superuser for login: ./manage.py createsuperuser
  14. Start the development server: ./manage.py runserver

Prepare tests

  1. Install the selenium and uritemplate packages in the sso virtualenv: pip install selenium uritemplate
  2. Get the latest chromedriver from https://chromedriver.storage.googleapis.com/index.html and copy the binary into a directory in the PATH (e.g. /usr/local/bin/)

Environment vars:

| Name | default | description |
| --- | --- | --- |
| SSO_STYLE | css/main.min.css | stylesheet |
| ALLOWED_HOSTS | '' | |
| DATABASE_NAME | sso | |
| DATABASE_USER | sso | |
| DATABASE_PASSWORD | sso | |
| DATABASE_CONN_MAX_AGE | 60 | |
| DATABASE_HOST | localhost | |
| CACHES_LOCATION | None | |
| CELERY_BROKER_USE_SSL | False | |
| CELERY_BROKER_URL | None | |
| DATA_UPLOAD_MAX_MEMORY_SIZE | 2621440 | |
| REGISTRATION_OPEN | False | |
| DEFAULT_FROM_EMAIL | webmaster@g10f.de | |
| STATIC_ROOT | ../htdocs/static | |
| MEDIA_ROOT | ../htdocs/media | |
| MEDIA_URL | /media/ | |
| STATIC_URL | /static/ | |
| SSO_THEME | None | |
| ROOT_URLCONF | sso.urls | |
| SSO_ADMIN_MFA_REQUIRED | False | |
| SSO_ADMIN_ONLY_MFA | False | |
| SSO_WEBAUTHN_USER_VERIFICATION | '' | |
| SSO_WEBAUTHN_AUTHENTICATOR_ATTACHMENT | '' | |
| SSO_WEBAUTHN_EXTENSIONS | False | |
| SSO_WEBAUTHN_CREDPROPS | False | |
| SSO_THROTTLING_DURATION | 30 | |
| SSO_THROTTLING_MAX_CALLS | 5 | |
| SSO_ADMIN_MAX_AGE | 1800 | 30 min |
| SSO_ORGANISATION_EMAIL_DOMAIN | '' | |
| SSO_ASYNC_EMAILS | False | |
| ANALYTICS_CODE | '' | |
| SESSION_COOKIE_AGE | 1209600 | 2 weeks |
| SSO_2FA_HELP_URL | '' | external url |
| SSO_TOTP_TOLERANCE | 2 | tolerance of timespan |
| SSO_WEBAUTHN_USER_VERIFICATION | discouraged | required value for android |

Changelog

3.3.23
  • fido2 version 1.1
  • switched to Fido2 only
  • fixed iOS compatibility
3.2.0
  • support for WebAuthn, allowing USB keys, fingerprint readers and Windows Hello
3.1.4
  • Docker support
3.0.1
  • django 3.1 compatibility
  • automatically create and change the signature keys with: ./manage.py rotate_signing_keys
  • new settings with the following defaults

    SSO_ACCESS_TOKEN_AGE = 60 * 60 # 1 hour

    SSO_ID_TOKEN_AGE = 60 * 5 # 5 minutes

    SSO_SIGNING_KEYS_VALIDITY_PERIOD = 60 * 60 * 24 * 30 # 30 days

2.1.0
  • django 2.2 compatibility
  • oauthlib>=3
  • New UserNote Model
  • application specific scopes to restrict the clients which have access to user applicationroles
  • Key value table to store arbitrary user attributes. The UI/forms can be overwritten by settings.
  • new select box for administration of user applicationroles
  • support post_logout_redirect_uri of OIDC spec
1.3.1
  • User Organisations are stored through an explicit membership class/table
1.3.0
  • PKCE support
1.2.1
  • Django 2.0 compatibility
1.2.0
  • Organisation Data Management
1.1.0
  • JSONLD/Hydra Api
1.0.0
  • OAuth2 and OpenID Connect Support
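The 3.0.1 entry above introduces rotate_signing_keys together with SSO_ACCESS_TOKEN_AGE, SSO_ID_TOKEN_AGE and SSO_SIGNING_KEYS_VALIDITY_PERIOD. As an added example (not code from the g10f/sso project), the following Python models how those three settings interact during a rotation: a retired key has to stay in the published JWKS until the last token it signed has expired, or clients will reject still-valid tokens with an unknown kid. SigningKey and the helper functions are assumptions for illustration; the project's own command may work differently.

```python
# Added example, not code from the g10f/sso project. SigningKey and the
# scheduling functions below are assumptions for illustration; the real
# rotate_signing_keys command may behave differently.
from dataclasses import dataclass
from typing import List, Optional

# Defaults quoted from the README (3.0.1 section), in seconds
SSO_ACCESS_TOKEN_AGE = 60 * 60                        # 1 hour
SSO_ID_TOKEN_AGE = 60 * 5                             # 5 minutes
SSO_SIGNING_KEYS_VALIDITY_PERIOD = 60 * 60 * 24 * 30  # 30 days

# A retired key must stay in the published JWKS until the last token it
# signed has expired; the longest-lived token type sets that window.
MAX_TOKEN_AGE = max(SSO_ACCESS_TOKEN_AGE, SSO_ID_TOKEN_AGE)

@dataclass
class SigningKey:
    kid: str
    created: int  # unix timestamp (key material itself is omitted here)

def signing_key(ring: List[SigningKey]) -> Optional[SigningKey]:
    """New tokens are signed with the newest key."""
    return max(ring, key=lambda k: k.created, default=None)

def needs_rotation(ring: List[SigningKey], now: int) -> bool:
    """Rotate when there is no key or the active key exceeded its validity."""
    key = signing_key(ring)
    return key is None or now - key.created >= SSO_SIGNING_KEYS_VALIDITY_PERIOD

def rotate(ring: List[SigningKey], now: int, kid: str) -> SigningKey:
    """Add a fresh key; the previous key is retired but kept for verification."""
    key = SigningKey(kid=kid, created=now)
    ring.append(key)
    return key

def published_keys(ring: List[SigningKey], now: int) -> List[SigningKey]:
    """Keys to expose in the JWKS: the active key plus every retired key whose
    last possible token (signed just before retirement) is still valid."""
    keys = sorted(ring, key=lambda k: k.created)
    out = []
    for i, key in enumerate(keys):
        retired_at = keys[i + 1].created if i + 1 < len(keys) else None
        if retired_at is None or now < retired_at + MAX_TOKEN_AGE:
            out.append(key)
    return out
```

Shortening SSO_SIGNING_KEYS_VALIDITY_PERIOD rotates more often, but the JWKS retention window is governed by the token ages, not by the validity period.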