Giter Site home page Giter Site logo

esgf-auth's Introduction

esgf-auth

OpenID/OAuth2 authentication client for ESGF

The ESGF authentication client is a Django web aplication that replaces the ESGF ORP. If a dataset file requires authentication, the THREDDS authentication filter redirects a user web browser to the web app. The web app discovers authentication services provided by an IdP selected by a user in the drop down, and redirects the user web browser to OAuth2 or OpenID server where the user enters his/her username and password. When the user is authenticated successfully, the OAuth2 (or OpenID) server redirects the user web browser back to the web app. The web app sets a secret cookie and redirects the user back to the THREDDS authentication filter.

Install esgf-auth

Create Python 2.7 virtual environment

$ python --version 
Python 2.7.10
$ virtualenv venv
$ . venv/bin/activate

Download and install crypto-cookie:

(venv)$ git clone [email protected]:philipkershaw/crypto-cookie
(venv)$ cd crypto-cookie
(venv)$ python setup.py
(venv)$ cd ..

Download and install esgf-auth with dependencies (Django, social-auth-app-django, social-auth-core, etc.)

(venv)$ git clone [email protected]:lukaszlacinski/esgf-auth
(venv)$ cd esgf-auth
(venv)$ pip install -r requirements.txt

Create the database

(venv)$ ./manage.py migrate

Create /esg/config/esgf_oauth2.json file with a client key and secret received from an admin of an ESGF OAuth2 server. When you register your OAuth2 client, your redirect URI is https://<your_hostname>/esgf-auth/complete/esgf/. Here is a sample esgf_oauth2.json file:

{
    "ceda.ac.uk":
        "key": "BUwBQaqS7qs2pSLhwHiAQlqt+hc=",
        "secret": "Qf+EsAoDmZzdW1L/H4zAj2u/tg3ISCnqxby+2bD7hY/GCZcRJgUjFQ=="
    },
    "esgf-node.llnl.gov": {
        "key": "RMRXIub0/m4RIfo7sdr2OiGOTmc=",
        "secret": "N9PT+3/rGnjGPkEBsyzhoggsyFYdX6ptPG9Gy6Olb0j8ub/4+DJtiA=="
    }
}

Create a second file /esg/config/esgf_auth_config.json with additional site-specific information. An example of such configuration file is:

{
"ESGF_HOSTNAME":"my-node.esgf.org",
"ESGF_SECRET_KEY":"o7GIieXmQzUGslstjWS7d8==",
"DJANGO_SECRET_KEY":"xu0jf]LBUHfLHWbHXzBcDuffHaWQYrev8ojXXd1M"
}

where all values need to be changed by each site administrator. The value of "ESGF_SECRET_KEY" must match the value used to encode the authentication cookies that is configured in the THREDDS web.xml file.

Apache/mod_wsgi

For example, on Ubuntu, add the following lines to /etc/apache2/sites-available/default-ssl,conf in <VirtualHost _default_:443>

    WSGIDaemonProcess esgf_auth python-path=<your_base_dir>/esgf-auth:<your_base_dir>/venv/lib/python2.7/site-packages
    WSGIScriptAlias /esgf-auth <your_base_dir>/esgf-auth/esgf_auth/wsgi.py process-group=esgf_auth
    <Directory <your_base_dir>/esgf-auth/esgf_auth>
        <Files wsgi.py>
            # Apache >= 2.4
            #Require all granted
            # Apache <= 2.2
            Order allow,deny
            Allow from all
        </Files>
    </Directory>
    Alias /esgf-auth/home/static/ <your_base_dir>/esgf-auth/static/
    <Directory <your_base_dir>/esgf-auth/static>
        Options -Indexes
        # Apache >= 2.4
        #Require all granted
        # Apache <= 2.2
        Order allow,deny
        Allow from all
        AllowOverride None
    </Directory>

After restarting Apache, open https://<your_hostname>/esgf-auth/thredds/ in a web browser. The page mimics THREDDS server with the authentication filter. You will also likely need to change ownership of the 'esgf-auth' directory to www-data (on Ubuntu), so Apache can access the SQLite3 database file.

esgf-auth's People

Contributors

lucacinquini avatar lukaszlacinski avatar

Stargazers

 avatar

Watchers

 avatar  avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.