external-repos/ivatar
1
0
Fork 0
mirror of https://git.linux-kernel.at/oliver/ivatar.git synced 2025-11-11 18:56:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
99b4fdcbcd58625830ea4d490287e7067e8b2d03
ivatar/INSTALL.md
Aurélien Bompard 99b4fdcbcd Add support for OIDC authentication with Fedora 
This adds support for authenticating with Fedora's OpenID Connect (OIDC) provider.

Existing users will be matched by email address, they should be able to use the new authentication method transparently.

This requires getting a `client_id` and a `client_secret` from Fedora Infra, see `INSTALL.md`.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-07 11:03:33 +02:00

2.6 KiB
Raw Blame History

Installation

Prerequisites

Python 3.x + virtualenv

CentOS/RHEL 7.x (with EPEL enabled!)

yum install python34-virtualenv.noarch

Debian 11

sudo apt-get update
sudo apt-get install git python3-virtualenv libmariadb-dev libldap2-dev libsasl2-dev

Checkout

git clone https://git.linux-kernel.at/oliver/ivatar.git
cd ivatar

Virtual environment

virtualenv -p python3 .virtualenv
source .virtualenv/bin/activate
pip install pillow
pip install -r requirements.txt

(SQL) Migrations

./manage.py migrate

Collect static files

./manage.py collectstatic -l --no-input

Run local (development) server

./manage.py runserver 0:8080 # or any other free port

Create superuser (optional)

./manage.py createsuperuser # Follow the instructions

Running the testsuite

./manage.py test -v3 # Or any other verbosity level you like

OpenID Connect authentication with Fedora

To enable OpenID Connect (OIDC) authentication with Fedora, you must have obtained a client_id and client_secret pair from the Fedora Infrastructure. Then you must set these values in config_local.py:

SOCIAL_AUTH_FEDORA_KEY = "the-client-id"
SOCIAL_AUTH_FEDORA_SECRET = "the-client-secret"

You can override the location of the OIDC provider with the SOCIAL_AUTH_FEDORA_OIDC_ENDPOINT setting. For example, to authenticate with Fedora's staging environment, set this in config_local.py:

SOCIAL_AUTH_FEDORA_OIDC_ENDPOINT = "https://id.stg.fedoraproject.org"

Production deployment Webserver (non-cloudy)

To deploy this Django application with WSGI on Apache, NGINX or any other web server, please refer to the the webserver documentation; There are also plenty of howtos on the net (I'll not LMGTFY...)

Production deloyment (cloudy)

Red Hat OpenShift (Online)

There is already a file called create.sh, which can be reused to create an OpenShift online instance of ivatar. However, you need to have the correct environment variables set, as well as a working oc installation.

Amazon AWS

Pretty sure this work as well; As OpenShift (Online).

I once wrote an Django (1.x) application in 2016, that used AWS. It can be found here: Gewusel from ofalk @ GitHub There is a file called ebcreate.txt as well as a directory called .ebextensions, which you need to check out in order to get an idea of how to deploy the application on AWS.

Database

It should work with SQLite (do not use in production!), MySQL/MariaDB, as well as PostgreSQL.