Add basic project information
commit
721dbc7e65
@ -0,0 +1,3 @@
.idea/
certs/
idp.toml
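Review bot: ignoring `idp.toml` leaves the repository without a template for the one configuration file the README requires (the `[security]` table with `csrf.key`); consider committing a sanitized `idp.toml.example` with placeholder values so new developers see the expected keys without the risk of someone committing a real CSRF key. Ignoring `certs/` is correct, since the setup steps write the private key `idp.cacert.localhost.key` into that directory.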
@ -0,0 +1,108 @@
# CAcert OAuth2 / OpenID Connect IDP

This repository contains an implementation for an identity provider. [ORY
Hydra](https://www.ory.sh/hydra/) is used for the actual OAuth2 / OpenID
Connect operations. The implementation in this repository provides the end user
UI components that are required by Hydra to allow login and consent.

The code in this repository is licensed under the terms of the Apache License
Version 2.0.

Copyright © 2020, 2021 Jan Dittberner

## Setup

### Certificates

You need a set of certificates for the IDP. You can use the Test CA created by
the ``setup_test_ca.sh`` script from the [CAcert developer
setup](https://git.dittberner.info/jan/cacert-devsetup) repository like this:

1. create signing requests

```
mkdir certs
cd certs
openssl req -new -newkey rsa:3072 -nodes \
-keyout idp.cacert.localhost.key \
-out idp.cacert.localhost.csr.pem \
-subj /CN=idp.cacert.localhost \
-addext subjectAltName=DNS:idp.cacert.localhost,DNS:login.cacert.localhost
cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/
```

2. Use the CA to sign the certificates

```
pushd $PATH_TO_DEVSETUP_TESTCA/
openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
-in idp.cacert.localhost.csr.pem \
-out idp.cacert.localhost.crt.pem -days 365
popd
cp $PATH_TO_DEVSETUP_TESTCA/idp.cacert.localhost.crt.pem .
```

3. Copy CA certificate for client certificates

```
openssl x509 -in $PATH_TO_DEVSETUP_TESTCA/class3/ca.crt.pem \
-out client_ca.pem
```

### Configure IDP

The Identity Provider application (IDP) requires a strong random key for its
CSRF cookie. You can generate such a key using the following openssl command:

```
openssl rand -base64 32
```

Use this value to create `idp.toml`:

```
[security]
csrf.key = "<32 bytes of base64 encoded data>"
```

## Start

Now you can start the IDP:

```
go run cmd/idp/main.go
```

## Translations

This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for
internationalization (i18n) support.

The translation workflow needs the `go18n` binary which can be installed via

```
go get -u github.com/nicksnyder/go-i18n/v2/goi18n
```

To extract new messages from the code run

```
goi18n extract .
```

Then use

```
goi18n merge active.*.toml
```

to create TOML files for translation as `translate.<locale>.toml`. After
translating the messages run

```
goi18n merge active.*.toml translate.*.toml
```

to merge the messages back into the active translation files. To add a new
language you need to add the language code to the languages configuration
option (default is defined in the configmap in cmd/idp/main.go).
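Review bot: the placeholder in the `idp.toml` snippet, `"<32 bytes of base64 encoded data>"`, does not match the command above it: `openssl rand -base64 32` draws 32 random bytes and prints them as 44 base64 characters, so the placeholder should read along the lines of `"<base64 encoding of 32 random bytes>"` and the text should say whether the application decodes the value or uses the string itself as the key, since that decides whether a shorter or unpadded value is rejected or silently weakens the CSRF protection. Three smaller points in the same hunk: the Translations section refers to the `go18n` binary while the install and usage lines say `goi18n`, so fix the typo; step 1 of the certificate setup runs `cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/` without ever introducing `$PATH_TO_DEVSETUP_TESTCA`, so state that it must point at the checkout of the cacert-devsetup repository (unset, that line becomes `cp *.csr.pem /`); and the Certificates section never says where the IDP reads `idp.cacert.localhost.key`, `idp.cacert.localhost.crt.pem` and `client_ca.pem` from, so a sentence naming the expected paths (or the `idp.toml` keys that set them) would complete the setup instructions.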