docs: add quickstart & document google provider setup #23
Conversation
| It is used to provide single-sign-on authentication and authorization for internal web applications behind it by ensuring that only people in a specific email domain (and optionally users in specific Google Groups) can access them. It consists of two processes - `sso-auth` and `sso-proxy`. | ||
| It depends on Google as its authoritative OAuth2 provider, and authenticates | ||
| users against a specific email domain. Further authorization based on Google | ||
| Group membership can be required on a per-upstream basis. |
There was a problem hiding this comment.
I tweaked the README here because there was some redundancy in the opening two paragraphs, which both gave a brief intro to what sso is!
| # =========================================================================== | ||
| sso-proxy: | ||
| image: buzzfeed/sso:latest # change this to `build: ..` to try local changes | ||
| entrypoint: /bin/sso-proxy |
There was a problem hiding this comment.
do we need working_dir: /go/src/github.com/buzzfeed/sso/ here to handle the static css properly?
i get this fail without it
There was a problem hiding this comment.
@danbf I'm pretty sure this is an indication that you're not actually running the latest docker image
There was a problem hiding this comment.
nvm, yup: this fixed it docker rm -f $(docker ps -aq); docker rmi -f $(docker image list -q)
|
|
||
| sso-auth: | ||
| image: buzzfeed/sso:latest # change this to `build: ..` to try local changes | ||
| entrypoint: /bin/sso-auth |
There was a problem hiding this comment.
do we need working_dir: /go/src/github.com/buzzfeed/sso/ here to handle the static css properly?
i get this fail without it
There was a problem hiding this comment.
nvm, yup: this fixed it docker rm -f $(docker ps -aq); docker rmi -f $(docker image list -q)
| - 'sso-auth.localtest.me:172.20.0.1' | ||
|
|
||
| sso-auth: | ||
| image: buzzfeed/sso:latest # change this to `build: ..` to try local changes |
There was a problem hiding this comment.
can we set this to buzzfeed/sso:release-1.0.0 ?
| # - http://httpbin.sso.localtest.me | ||
| # =========================================================================== | ||
| sso-proxy: | ||
| image: buzzfeed/sso:latest # change this to `build: ..` to try local changes |
There was a problem hiding this comment.
can we set this to buzzfeed/sso:release-1.0.0 ?
docs/google_provider_setup.md
Outdated
| - **Service account name**: Any appropriate name is fine. We recommend `sso-authenticator`. | ||
| - **Service account ID**: Google will generate this as you type the "account name". We recommend | ||
| leaving as-is. | ||
| - **Project rol**: No project roles are required for `sso`. |
This uses docker-compose to spin up an example deployment of sso and two protected upstreams.
mccutchen
force-pushed
the
quickstart-tweaks
branch
from
bdff60c
to
f859809
Compare
This builds on @danbf and @katzdm's work in #18 to provide:
docker-composeto spin up an example deployment ofssoand two secured upstream servicesRFR @buzzfeed/infra-security