oidc-parent/README.md

1.8 KiB

CAcert OpenID connect parent project

This repository references several repositories for the CAcert OpenID connect setup.

Clone the repository

git clone --recurse-submodules https://code.cacert.org/cacert/oidc-parent.git
cd oidc-parent
# cause pull, fetch and other git commands to consider submodules
git config submodule.recurse true

Get started

  • setup Hydra
  • build CAcert web application resources
  • setup IDP (provides login and consent screens)
  • setup demo application
  • setup OpenID Connect client registration application

Local development setup

Make sure you have the necessary prerequisites installed (tested on Debian 11 Bullseye) and ~/.local/bin is in your $PATH variable:

sudo apt update
sudo apt install make python3-pip python3-psycopg2 golang-go yarnpkg
python3 -m pip install --user -U pip
python3 -m pip install --user ansible
export PATH=$HOME/.local/bin:$PATH

Note: It is a good idea to put the PATH export line into your .bashrc or .zshenv.

Use make to build the web app resources and applications:

go install github.com/nicksnyder/go-i18n/v2/goi18n@latest
make

Use ansible-playbook to deploy Hydra, IDP, Client registration and the demo application:

cd deployment
ansible-playbook 01_install_cacert_oidc.yml

Note: If ansible-playbook fails early in the process with "sudo: a password is required," then confirm that your user has sudo privileges and execute that command like

ansible-playbook -K 01_install_cacert_oidc.yml

Vagrant setup

sudo apt install vagrant-libvirt virt-manager libvirt-clients
vagrant up
vagrant ssh -- cat .local/share/mkcert/rootCA.pem | sudo tee /usr/local/share/ca-certificates/mkcert-vagrant-oidc.crt
sudo update-ca-certificates