SSO Portal based on oauth2 open id connect protocol
oauth2id

SSO Portal based on the OAuth2 OpenID Connect protocol

Dev env setup

Set up puma-dev to serve HTTPS locally.

brew install puma/puma/puma-dev
sudo puma-dev -setup
puma-dev -install
cd ~/.puma-dev
ln -s /Users/<username>/git/oauth2id oauth2id

Then visit https://oauth2id.test and accept the invalid HTTPS certificate. On newer macOS versions you need to open Keychain Access, move the Puma-dev CA certificate into the System keychain and restart the browser; this is a known issue.

To make Faraday requests from the local app work over HTTPS as well, the Puma-dev CA must also be in the OpenSSL trust list. The OpenSSL CA bundle is by default at /usr/local/etc/openssl/cert.pem; since the Puma-dev CA is already trusted in the macOS system keychain, openssl-osx-ca can regenerate cert.pem from it, so just install it and regenerate the cert.pem file.

To make httpclient work over HTTPS too, copy the generated cert.pem into the httpclient gem folder. httpclient currently ships two pem files, but the Puma-dev CA is 1024-bit, so it is safe to overwrite.

cp /usr/local/etc/openssl/cert.pem /usr/local/lib/ruby/gems/2.6.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem

Generate signing key

Open ID Connect

Just follow the doorkeeper-openid_connect gem README:

openssl genpkey -algorithm RSA -out oauth2id_oidc_private_key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in oauth2id_oidc_private_key.pem -out oauth2id_oidc_public_key.pem

Replace oauth2id with your new site name. Note that the public key is also available from /oauth/discovery/keys.
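As an added example (not code from this project or from the doorkeeper-openid_connect gem), this plain-stdlib Ruby shows what the relying-party side of that key pair looks like: the public JWK that a keys endpoint such as /oauth/discovery/keys serves, and an RS256 ID-token check that uses only that JWK, pinning the algorithm and checking issuer, audience and expiry. A real setup would load oauth2id_oidc_private_key.pem with OpenSSL::PKey::RSA.new(File.read(...)); the key id and claim values used in the test are constructed.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Base64url without padding, as JOSE requires (RFC 7515).
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# The JWK a discovery "keys" endpoint publishes for the signing key:
# modulus and exponent only, never the private parameters.
def rsa_public_jwk(key, kid)
  { 'kty' => 'RSA', 'use' => 'sig', 'alg' => 'RS256', 'kid' => kid,
    'n' => b64url(key.n.to_s(2)), 'e' => b64url(key.e.to_s(2)) }
end

# Rebuild the public key from a JWK as a PKCS#1 RSAPublicKey DER structure.
def rsa_from_jwk(jwk)
  n = OpenSSL::BN.new(Base64.urlsafe_decode64(jwk['n']), 2)
  e = OpenSSL::BN.new(Base64.urlsafe_decode64(jwk['e']), 2)
  seq = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer(n), OpenSSL::ASN1::Integer(e)])
  OpenSSL::PKey::RSA.new(seq.to_der)
end

# RS256: SHA-256 + RSASSA-PKCS1-v1_5 over "base64url(header).base64url(claims)".
def sign_id_token(private_key, kid, claims)
  header = { 'alg' => 'RS256', 'typ' => 'JWT', 'kid' => kid }
  input = [header, claims].map { |h| b64url(JSON.generate(h)) }.join('.')
  "#{input}.#{b64url(private_key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Verify with the published JWK only; returns the claims, or nil on any failure.
def verify_id_token(token, jwk, issuer:, audience:, now: Time.now.to_i)
  parts = token.split('.')
  return nil unless parts.length == 3
  header = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  # Pin the algorithm and key id: the token header must not choose them for us.
  return nil unless header['alg'] == 'RS256' && header['kid'] == jwk['kid']
  sig = Base64.urlsafe_decode64(parts[2])
  return nil unless rsa_from_jwk(jwk).verify(OpenSSL::Digest.new('SHA256'), sig, parts[0..1].join('.'))
  claims = JSON.parse(Base64.urlsafe_decode64(parts[1]))
  # OIDC allows "aud" to be an array; a single string audience is assumed here.
  return nil unless claims['iss'] == issuer && claims['aud'] == audience
  return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
rescue ArgumentError, TypeError, JSON::ParserError, OpenSSL::PKey::PKeyError
  nil
end
```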

SAML 2.0

openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout oauth2id_saml_key.key -out oauth2id_saml_cert.crt
# Show SHA-256 fingerprint
openssl x509 -in oauth2id_saml_cert.crt -noout -sha256 -fingerprint