From 3546ee914e24cf3995172db4cc93e5ef77cd3632 Mon Sep 17 00:00:00 2001 From: kirklholub Date: Fri, 29 Dec 2023 16:01:05 +0000 Subject: [PATCH] Forgot to update README --- README | 18 +++++++++++++----- blmcontacts.txt | 30 +----------------------------- 2 files changed, 14 insertions(+), 34 deletions(-) diff --git a/README b/README index 9a21a7d..e5e3bf6 100755 --- a/README +++ b/README @@ -2,13 +2,16 @@ Welcome to ssop, a Single Sign On Portal which uses login.gov as an Identity Ver 1) Clone ssop repo 2) Change directory ssop -3) Create a virtual environment named venv: python3.8 -m venv venv - NOTE: Python 3.6 not being supported WRT crypto -- no point in staring at 3.7 +3) Create a virtual environment named venv: python3.9 -m venv venv + NOTE: Python 3.6 not being supported WRT crypto 4) Upgrade pip to latest and then pip install -r requirements.txt 5) If needed, use https://developers.login.gov to establish a sandbox environment, create a team (yourself and collaborators if desired), then create and app. 6) Update LOGINDOTGOV_ related parameters in ssop/settings.py with results from 5 or from a configuration management system (CMS). -7) Update JWT_ related parameters as needed or from a CMS. +7) Update JWT_ related parameters in ssop/settings.py as needed or from a CMS. +8) Update account management parameters in ssop/settings.py as desired +9) Update SSO, AUTH_SAML_*, EMAIL, LOGGING, SSOP_DEPLOY*, DATABASE, possibly other variables in ssop/settings.py as required and/or desired. +9) Deploy AWS resources as needed See the images in the screenshot folder to aid with LOGINDOTGOV settings. Also, a final user attributes screen can be seen. 
@@ -19,11 +22,13 @@ Files in etc/nginx and etc/systemd/system demonstrate a full webserver with back Once configured enable the services: sudo systemctl enable ssop_gunicorn.socket sudo systemctl enable ssop_gunicorn.service + sudo systemclt enable ssop_account_review.service And start them: sudo systemctl start ssop_gunicorn.socket sudo systemctl start ssop_gunicorn.service - + sudo systemclt start ssop_account_review.service + After any python code changes sudo systemctl restart ssop_gunicorn.service @@ -31,7 +36,9 @@ Files in etc/nginx and etc/systemd/system demonstrate a full webserver with back It works best to use an incognito window. Otherwise the only way to truly logout is close the browser. Using an incognito windows allows for a fresh session for each login test. -Only tested with Chrome. +Tested mostly with Chrome. +Also appears to Firefox. +Safari and CAC stil do not play well together ------------------------------------------- @@ -90,3 +97,4 @@ SELINUX content and user types: Kirk Holub kirk.l.holub@noaa.gov +29 Dec 2023 diff --git a/blmcontacts.txt b/blmcontacts.txt index 5ea0ee9..8b13789 100755 --- a/blmcontacts.txt +++ b/blmcontacts.txt 
@@ -1,29 +1 @@ -david.tomalak@noaa.gov,David,Tomalak -woody.roberts@noaa.gov,Woody,Roberts -nnauslar@blm.gov,Nnauslar,Nnauslar -chaskell@blm.gov,Chaskell,Chaskell -cfdierking@alaska.edu,Cfdierking,Cfdierking -basil.newmerzhycky@usda.gov,Basil,Newmerzhycky -dborsum@blm.gov,Dborsum,Dborsum -rkrohn@blm.gov,Rkrohn,Rkrohn -eugene.berger@noaa.gov,Eugene,Berger -dan.nietfeld@noaa.gov,Dan,Nietfeld -kirk.l.holub@noaa.gov,Kirk,Holub -jebb.q.stewart@noaa.gov,Jebb,Stewart -scott.nahman@noaa.gov,Scott,Nahman -curtis.alexader@noaa.gov,Curtis,Alexader -bunnypfau@gmail.com,Bunnypfau,Bunnypfau -mvrencur@gmail.com,Mvrencur,Mvrencur -bernadette.pfau@noaa.gov,Bernadette,Pfau -michael.vrencur@noaa.gov,Michael,Vrencur -none@domain.tld,#None,None -tomalakd@msn.com,tomalakd,tomalakd -first.last@domain.tld,newFirst,Last -linus.kamb@noaa.gov,Linus,Kamb -jamie.r.rhome@noaa.gov,Jamie,Rhome -wallace.hogsett@noaa.gov,Wallace,Hogsett -taylor.trogdon@noaa.gov,Taylor,Trogdon -michael.j.brennan@noaa.gov,Michael,Brennan -pablo.santos@noaa.gov,Pablo,Santos -nathan.hardin@noaa.gov,Nathan,Hardin -nreimer@blm.gov,Nreimer,Nreimer +
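Review bot: In the README hunk at @@ -2,13 +2,16 @@ the setup list ends with two steps numbered 9) (the "Update SSO, AUTH_SAML_*, EMAIL, LOGGING, ..." line and "Deploy AWS resources as needed"); the last one should be 10). The venv command moves from python3.8 to python3.9 while the NOTE still only says 3.6 is unsupported, so it is not clear whether 3.7 and 3.8 still work; state the minimum supported version there. Steps 6 to 9 now direct several groups of values (LOGINDOTGOV_, JWT_, EMAIL, DATABASE) into ssop/settings.py, and only steps 6 and 7 mention a CMS as the source; it would help to say which of the step 8 and 9 values should also come from the CMS rather than be edited into the file.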
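Review bot: In the README hunk at @@ -19,11 +22,13 @@ both added commands spell the binary "systemclt" ("sudo systemclt enable ssop_account_review.service" and "sudo systemclt start ssop_account_review.service"); it should be "systemctl", matching the gunicorn lines above them. Anyone pasting these lines gets a command-not-found error and the account review service is left neither enabled nor started. The blank line after the start commands is also replaced by a line holding only whitespace; keep it empty.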
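Review bot: In the README hunk at @@ -31,7 +36,9 @@ the added browser notes need a wording pass: "Also appears to Firefox." is missing its verb (presumably "appears to work with Firefox"), and "stil" should be "still" in "Safari and CAC stil do not play well together". Since the CAC line is the only place the README mentions CAC in the visible context, one sentence on what fails with Safari would make the note usable for someone testing that path.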
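Review bot: The blmcontacts.txt hunk at @@ -1,29 +1 @@ removes 29 lines of names and e-mail addresses, but the subject "Forgot to update README" does not mention it; this belongs in its own commit with a message that says why the list is being removed. If the intent is to get personal contact data out of the repository, note that this change only empties the working copy: the old blob 5ea0ee9 and every earlier commit still carry the addresses, so the history would need to be rewritten and existing clones handled separately. The file is also left in place holding a single empty line rather than being deleted; either delete it, or if something reads it at runtime, document the expected format and keep real contact data outside the repository.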