oxd Ruby On Rails#
Use oxd's Ruby on Rails library to send users from a Rails application to your Gluu Server OpenID Connect Provider (OP) for dynamic enrollment, single sign-on (SSO), strong authentication, and access management policy enforcement.
Note
You can also refer to the oxd-Ruby library docs for more details on Ruby classes.
Installation Guides#
Software Requirements#
System Requirements:
Ubuntu 14.04 with some basic utilities listed below:
$ sudo apt-get install apache2
$ a2enmod ssl
Install RVM and Ruby on Ubuntu
Install mpapis public key (might need gpg2):
$ sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
Install RVM Stable with Ruby:
$ sudo \curl -sSL https://get.rvm.io | bash -s stable --ruby
$ cd /var/www/html
Reload shell configuration and test:
$ source ~/.rvm/scripts/rvm
To get a list of all the Ruby versions installed on your system:
$ rvm list
Using RVM you can install a specific Ruby version:
$ rvm install ruby-2.4.0
To change Ruby version run this command:
$ rvm use ruby-2.4.0
Rails is distributed as a Ruby gem, and adding it to the local system is extremely simple:
$ gem install rails
Note
For more help you can see RVM commands here : https://rvm.io/rvm/install
Phusion Passenger Setup
Phusion Passenger (commonly shortened to Passenger or referred to as mod_passenger) is an application server and is often used to power Ruby sites. Its code is distributed in the form of a gem, which is then compiled on the target machine and installed into Apache as a module.
First, the gem needs to be installed on the system:
$ gem install passenger
The environment is now ready for the compilation. Enter the following to start the process (the process may take a few minutes):
$ passenger-install-apache2-module
Note
This script will not install the module. It compiles the module’s binary and places it in the gem’s path. The path will be printed on the screen and it needs to be copy-pasted into Apache’s config file.
The output will be similar to this one:
LoadModule passenger_module /home/username/.rvm/gems/ruby-2.4.0/gems/passenger-5.2.1/buildout/apache2/mod_passenger.so
Add these lines to Apache's config file:
<IfModule mod_passenger.c>
PassengerRoot /home/username/.rvm/gems/ruby-2.4.0/gems/passenger-5.2.1
PassengerDefaultRuby /home/username/.rvm/gems/ruby-2.4.0/wrappers/ruby
</IfModule>
To use the oxd-ruby library, you will need:
- A valid OpenID Connect Provider (OP), like the Gluu Server or Google
- An active installation of the oxd-server
- If you want to make RESTful (https) calls from your app to your
oxd-server
, you will also need an active installation of the oxd-https-extension - A Windows server or Windows installed machine / Linux server or Linux installed machine
Configuring oxd-server#
-
Edit the file
/opt/oxd-server/conf/oxd-conf.json
- Update the following fields
"server_name"
,"license_id"
,"public_key"
,"public_password"
and"license_password"
- Update the following fields
-
Edit the file
/opt/oxd-server/conf/oxd-default-site-config.json
-
Change the OP HOST name to your OpenID Provider domain at the line
"op_host": "https://<idp-hostname>"
-
Change the
response_types
line to"response_types": ["code"]
-
-
To start oxd-server, run the following command or click here for more detailed instructions:
/etc/init.d/oxd-server start
Demosite Deployment#
Get the source code for demosite:
cd /var/www/html
git clone https://github.com/GluuFederation/oxd-ruby-demo-app
OpenID Connect only works with HTTPS connections. Enter the following to prepare the SSL certificates:
$ mkdir /etc/certs
$ cd /etc/certs
$ openssl genrsa -des3 -out demosite.key 2048
$ openssl rsa -in demosite.key -out demosite.key.insecure
$ mv demosite.key.insecure demosite.key
$ openssl req -new -key demosite.key -out demosite.csr
$ openssl x509 -req -days 365 -in demosite.csr -signkey demosite.key -out demosite.crt
Create a virtual host of oxd-ruby: To create a virtual host for oxd-ruby-demo-app, create a oxd-ruby.conf file under /etc/apache2/sites-available/ with following commands:
$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/oxd-ruby.conf
$ sudo vi /etc/apache2/sites-available/oxd-ruby.conf
Replace the content in the oxd-ruby.conf file with the following:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName oxd-rails.com
DocumentRoot /var/www/html/oxd-ruby-demo-app/public
LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/certs/demosite.crt
SSLCertificateKeyFile /etc/certs/demosite.key
<Directory /var/www/html/oxd-ruby-demo-app/public>
AllowOverride All
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
</IfModule>
Enable the oxd-rails.com
virtual host by running:
$ sudo a2ensite oxd-ruby.conf
In the console, add the domain name to the virtual host file:
$ sudo nano /etc/hosts
Add these lines to the virtual host file:
127.0.0.1 www.oxd-rails.com
127.0.0.1 oxd-rails.com
Reload the Apache server:
$ sudo service apache2 restart
Running the Demo Application
Navigate to the Rails app root:
cd /var/www/html/oxd-ruby-demo-app
Run:
bundle install
-
Change the
oxd-ruby
configuration inoxd-ruby-demo-app/config/initializers/oxd_config.rb
file. -
With the
oxd-server
running, navigate to thehttps://oxd-rails.com
to run the sample client application.oxd-ruby-demo-app
contains a nice UI with buttons and template code to walk you through the authentication flow with eachoxd-ruby
command. To register a client in the oxd-server use the"Setup Client"
button. Upon successful registration of the client application, an oxd ID will be displayed in the UI. Next, use the"Login with OpenId"
button to navigate to the Login URL for authentication.