Use oxd's Python Flask library to send users from a Flask application to your Gluu Server OpenID Connect Provider (OP) for dynamic enrollment, single sign-on (SSO), strong authentication, and access management policy enforcement.

Note: You can also refer to the oxd-python library docs for more details on the Python classes.

Installation Guides

Software Requirements

System Requirements:

Ubuntu 14.04 with some basic utilities listed below:

apt-get install apache2 libapache2-mod-wsgi python-dev git python-pip
a2enmod wsgi
a2enmod ssl

Gluu development binaries:

echo "deb https://repo.gluu.org/ubuntu/ trusty main" > /etc/apt/sources.list.d/gluu-repo.list
curl https://repo.gluu.org/ubuntu/gluu-apt.key | apt-key add -
apt-get update
apt-get install oxd-server

To use the oxd-python library, you will need:

  • A valid OpenID Connect Provider (OP), like the Gluu Server or Google
  • An active installation of the oxd-server running on the same server as the client application
  • If you want to make RESTful (https) calls from your app to your oxd-server, you will also need an active installation of the oxd-https-extension
  • A Windows or Linux server or machine

Configuring oxd-server

  • Edit the file /opt/oxd-server/conf/oxd-conf.json if needed

  • Edit the file /opt/oxd-server/conf/oxd-default-site-config.json

    • Change the OP HOST name to your OpenID Provider domain at the line "op_host": "https://<idp-hostname>"

    • Change the response_types line to "response_types": ["code"]

  • To start oxd-server, run the following command or click here for more detailed instructions:

/etc/init.d/oxd-server start
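
A check for the two settings edited above, as an added example that is not part of the oxd documentation or the oxd-python library: it confirms that op_host is an https URL with the placeholder replaced and that response_types is exactly ["code"]. It is written for Python 3; the function names and sample inputs are constructed for illustration, and only the two keys named on this page are inspected.

```python
import json
import sys
from urllib.parse import urlparse


def check_site_config(cfg):
    """Return a list of problems in an oxd default site config (dict)."""
    problems = []
    op_host = cfg.get("op_host")
    if not isinstance(op_host, str) or not op_host.strip():
        problems.append("op_host is missing or empty")
    elif "<" in op_host or ">" in op_host:
        problems.append("op_host still contains the <idp-hostname> placeholder")
    else:
        try:
            url = urlparse(op_host.strip())
            host = url.hostname
        except ValueError:  # e.g. a malformed IPv6 literal
            url, host = None, None
        if not host:
            problems.append("op_host has no usable hostname")
        elif url.scheme != "https":
            problems.append("op_host must use https, found %r" % url.scheme)
    # Only the authorization code flow should be enabled: exactly ["code"].
    if cfg.get("response_types") != ["code"]:
        problems.append('response_types must be exactly ["code"]')
    return problems


def check_site_config_text(text):
    """Parse the JSON text of the config file and check it."""
    try:
        cfg = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(cfg, dict):
        return ["top-level JSON value must be an object"]
    return check_site_config(cfg)


# Constructed sample inputs (not taken from a real deployment).
GOOD = '{"op_host": "https://idp.example.com", "response_types": ["code"]}'
BAD = '{"op_host": "http://<idp-hostname>", "response_types": ["code", "token"]}'

if __name__ == "__main__":
    texts = [open(sys.argv[1]).read()] if len(sys.argv) > 1 else [GOOD, BAD]
    for text in texts:
        print(check_site_config_text(text) or "OK")
```

Run it with /opt/oxd-server/conf/oxd-default-site-config.json as the first argument before starting oxd-server; without an argument it checks the two constructed samples.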

Demosite Deployment

  • Install oxd-python on the client server:

git clone https://github.com/GluuFederation/oxd-python.git
cd oxd-python
python setup.py install

  • Switch to the demosite folder:

cd examples/flask_app

  • Edit the demosite.cfg file. Add the URI of the OpenID Provider (OP) in the op_host field, e.g. https://idp.example.com. If op_host was configured during installation, this step can be skipped.

  • Edit /etc/hosts and point client.example.com at the IP address of the server where the demo app is installed, e.g. client.example.com

  • Run the demo server

pip install flask
pip install pyOpenSSL
python demosite.py

Now the demosite can be accessed at https://client.example.com:8080