Verify My Identity (VMI)
Verify My Identity is a certified OpenID Connect Provider. Its supports advanced feastures such as role-based permissions relationships between organizations, staff users, and consumer users. Other features include:
- Trusted Referee Support - According to NIST Digital Identity Guidelines (SP 800-63-3).
- Support for upstream IdPs such as Okta, Ping and Google.
- Support for setting user's identity assurance and authenticator assurance levels.
- FIDO U2F / FIDO 2 Multi-factor authentication support
- Text Message Multi-factor authentication support
- Vectors of Trust
- Support for
addressclaims as defined in the iGov Profile for OIDC.
This project is based on Python 3.6 and Django 2.2.18.
Download the project:
git clone https://github.com/videntity/vmi.git
Install dev libraries
(Ubuntu/Debian) sudo apt-get install python3.6-dev libsasl2-dev python-dev libldap2-dev libssl-dev (RetHat/CentOS) Install supporting libraries. (Consider using virtualenv for your python setup). sudo yum install python-devel openldap-devel cd vmi pip install -r requirements.txt Depending on your local environment you made need some supporting libraries for the above command to run cleanly. For example you need a compiler and python-dev. Add some entries to your `/etc/hosts` file. If running this OIDC server in conjunction with `oauth2org` (OAuth2 server) on the same machine for development, then we recommend setting up names for each server host in `/etc/hosts`. You might add lines like the following to `/etc/hosts` file: 127.0.0.1 verifymyidentity 127.0.0.1 oauth2org Setup some local environment variables via whatever stategy you choose. The default is using a `.env` file containing the following. Set this variable specific toy your hostname and environment export EC2PARAMSTORE_4_ENVIRONMENT_VARIABLES=".ENV" export AWS_ACCESS_KEY_ID="YOUR_KEY_ID" export AWS_SECRET_ACCESS_KEY="YOUR_SECRET" export OIDC_PROVIDER="http://verifymyidentity:8000" export OIDC_ISSUER="http://verifymyidentity:8000" export HOSTNAME_URL="http://verifymyidentity:8000" export ALLOWED_HOSTS="*" export DJANGO_SUPERUSER_USERNAME="youruser" export DJANGO_SUPERUSER_PASSWORD="yourpassword" export DJANGO_SUPERUSER_EMAIL="email@example.com" export DJANGO_SUPERUSER_FIRST_NAME="Super" export DJANGO_SUPERUSER_LAST_NAME="User" export FROM_EMAIL="firstname.lastname@example.org" export ADMIN_EMAIL="email@example.com" # If using Twilio for SMS delivery export TWILIO_ACCOUNT_SID="ACcccXXXXXXXXXXXXXXXXXXXXXX" export TWILIO_TOKEN="4161XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" export TWILIO_FROM_NUMBER="+12025555555" # If using Sendgrid for email delivery export SENDGRID_API_KEY="SG.FyxxxXXXXXXXXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXi0c0MuH3Af_g" # Do some basic branding. (See the settings file for more options.) export SUBJECT_LUHN_PREFIX = env('SUBJECT_LUHN_PREFIX', '012345') export ORGANIZATION_NAME = env('DJANGO_APPLICATION_TITLE', "ACME Health") # You may also override the top left project name export TOP_LEFT_TITLE = env('TOP_LEFT_TITLE', 'verify my identity2') export PARTNER_REF = env('PARTNER_REF', 'Partner Health') This is how you can brand the project to your needs. A paid license is required to modify/brand VMI for your needs. See the `settings.py` and for a full list. Below are some basic variable you may want to set. Just add the above to a `.env` and then do a `source .env`. Without valid AWS credentials email and SMS text functions will not work. The superuser settings are used to create a default superuser. Create the database: python manage.py migrate Create initial Groups and Permissions, and Organizations python manage.py create_default_groups python manage.py create_sample_organizations Create a superuser (Optional) python manage.py create_super_user_from_envars In development our convention is to run `vmi` on port `8000` and `oauth2org` on 8001. To start this server on port 8000 issue the following command. python manage.py runserver This will start the server on the default port of `8000`. Docker Installation ------------------- Alternatively, a Docker configuration is available in: .development By default the docker instance will be attached to port **8000** on localhost It will also configure a postgreSQL instance on port **5432**. If you're working with a fresh db image the migrations have to be run. ``` docker-compose -f .development/docker-compose.yml exec web python manage.py migrate ``` If you make changes to `requirements.txt` to add libraries re-run `docker-compose` with the `--build` option. After the VMI Docker container is completely setup, you execute Django commands like so: `docker-compose -f .development/docker-compose.yml exec web python manage.py` ## Associated Projects [VerifyMyIdentity - VMI](https://github.com/videntity/vmi), a standards-focused OpenID Connect Identity Provider. [Oauth2org](https://github.com/TransparentHealth/oauth2org) is designed as a consumer-mediated health information exchange. It is an OAuth2 Provider and FHIR Server. ShareMyHealth acts as a relying party to [vmi](https://github.com/videntity/vmi). ## Supporting Resources vmi uses css resources from Bootstrap (v.3.3.x) and Font-Awesome (v4.4.x).