How to deploy Canonical SSO provider on local ubuntu server?

Asked by Samuel Omlin

After checking out the README that comes with the bzr instructions shown on the homepage of the current project, it still can't guide me through deploying a working SSO site just like login.ubuntu.com works out there.
Below are a couple of questions I would really like to know about the project.
Q1: Can I get the big picture about the project--Canonical SSO provider?
Q2: What auth methods have been supported around the project?
Q3: How to deploy a working SSO site by means of Canonical SSO provider, looking like login.ubuntu.com?

Any input will be greatly appreciated.

Question information

Language: English
Status: Solved
For: Canonical SSO provider
Assignee: No assignee
Solved by: Samuel Omlin

Ricardo Kirkner (ricardokirkner) said :
#1

Hi Samuel,

The README file is aimed at getting started with development on SSO. We don't have documentation about deployment procedures, as that is quite a bit more involved (and people don't necessarily need/want to deploy it the same way we do).

On the other hand, what do you mean by 'just like login.ubuntu.com works out there'? Maybe answering the other questions might help you out.

A1: Canonical SSO provider is a Single Sign On provider based on OpenID that is used to host login.ubuntu.com and login.launchpad.net. It's used to provide a single account to use throughout different Ubuntu-related services like Ubuntu One, Software Center, Launchpad, Landscape, etc.

A2: Not sure I know how to answer this... what information are you looking for specifically?

A3: Canonical SSO is just a Django app, so you'd deploy it the same way you'd deploy any other Django app (either using apache+modwsgi, or gunicorn, cherrypy, whatever you like). There is no single-magic-command to do this right now.

Hope this helped.

cheers,
Ricardo

Samuel Omlin (samuel-omlin) said :
#2

Hi Ricardo,

Thank you for your quick reply.

According to what you answered above, I take a wild guess that Canonical SSO Provider is an SSO system based on OpenID with identity management, which is designed to adopt the Django web framework to deploy an OpenID-based SSO site, just like login.ubuntu.com does, right?

After looking through the source code of the project--Canonical SSO Provider--quickly and rapidly, however, I found out some interesting things (I care very much) that probably have support for other auth methods like OAuth, SAML, or more in the future.

I'm not sure I have already got the architecture of Canonical SSO Provider in mind. So, please correct me if there is anything wrong above.

==========================================================================================
Well, here's my schema for deploying an SSO site on Ubuntu server on the basis of Canonical SSO Provider.
          WebServer: Apache2+mod_wsgi (as you mentioned above)
          DBServer: PostgreSQL with 9.1 version (as described in the source code of the project)
          SitePath: /home/www-data/login.example.org

For the options above, can you shed light on any ideas or supplements?

(P.S.: as of writing this post, I'm still struggling with reading the whole source code of the Canonical SSO Provider project.)

Thanks a lot.

Yours truly,
Samuel

Ricardo Kirkner (ricardokirkner) said :
#4

On Thu 07 Mar 2013 11:35:50 PM ART, Samuel Omlin wrote:
> Question #223670 on Canonical SSO provider changed:
> https://answers.launchpad.net/canonical-identity-provider/+question/223670
>
> Samuel Omlin posted a new comment:
> Hi Ricardo,
>
> Thank you for your quick reply.
>
> According to what you answered above, I take a wild guess that Canonical
> SSO Provider is a SSO system based on OpenID with identity management,
> which is designed to adopt Django web framework to deploy OpenID based
> SSO site, just like login.ubuntu.com does, right?

Correct.

>
> After looking through the source code of the project--Canonical SSO
> Provider--quickly and rapidly, however, I found out some interesting
> things (I care very much) that probably have support for other auth
> methods like oauth, saml, or more in the future.
>

Canonical SSO provider mainly supports OpenID, but also supports a
limited amount of SAML and OAuth. How much of each it supports depends
very heavily on our current requirements. It's not a full and/or
generic implementation. OpenID is used for the web UI, SAML is used to
integrate with certain sites, and OAuth is mostly used for the API.

> I'm not sure I have already get the architecture of Canonical SSO
> Provider in mind. So, please correct me if there is any wrong above.
>
> ==========================================================================================
> Well, here's my schema for deploying SSO site on Ubuntu server on the basis of Canonical SSO Provider.
> WebServer: Apache2+mod_wsgi (as you mentioned above)
> DBServer: PostgreSQL with 9.1 version (as described in the source code of the project)
> SitePath: /home/www-data/login.example.org
>

Sounds ok.

> For these options above, any ideas or supplements can be shed light on?
>
> (P.S.: as of writing post, I'm still struggling reading the whole source
> code of the project of Canonical SSO Provider.)
>
> Thanks a lot.
>
> Yours truly,
> Samuel
>

Samuel Omlin (samuel-omlin) said :
#5

Hi Ricardo,

These days, I have been getting myself into the whole code for the project, and here are a couple of issues I found, as below:

Q4: What versions of python have already been supported inside the project?

Q5: Why isn't the dependency related to PostgreSQL used in the project checked in the _check_bootstrap_dependencies() function when bootstrapping via fab?

Q6: The deploy() function under /to/the/project/fabtasks seems not to work to some extent, does it?

Q7: Is there a lack of best practices for deploying an SSO site with the project, especially a lack of how to configure apache2 and mod_wsgi to serve it up?

==================================================================

#1-Dev: In order to get backward compatibility on the basis of python for the project, there is a little patch for the fabtasks subproject, which is described below and has already been verified with python2.6 and python2.7.

def _is_true(arg, name):
    if arg.lower() in ('t', 'true', 'on', '1', 'yes'):
        return True
    elif arg.lower() in ('f', 'false', 'off', '0', 'no'):
        return False
    raise ArgumentError(
- - - "Argument {!r} should be boolean, was {!r}".format(name, arg))
+++ "Argument {0!r} should be boolean, was {1!r}".format(name, arg))
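
Review bot: the replacement "+++" line in _is_true() needs a comment saying that the explicit {0!r}/{1!r} indices are there for Python 2.6, which rejects auto-numbered {} fields; without it the indices look redundant and are likely to be tidied back to {!r}. While touching this function, note that arg.lower() is evaluated twice and raises AttributeError when arg is not a string, so the intended ArgumentError is never reached for such input; normalising once at the top, for example value = str(arg).lower(), would fix both.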

Thanks a lot.

Yours truly,
Samuel

Ricardo Kirkner (ricardokirkner) said :
#6

On Mon 11 Mar 2013 07:55:57 AM ART, Samuel Omlin wrote:
> Question #223670 on Canonical SSO provider changed:
> https://answers.launchpad.net/canonical-identity-provider/+question/223670
>
> Status: Answered => Open
>
> Samuel Omlin is still having a problem:
> Hi Ricardo,
>
> These days, I have already been getting myself into the whole code for
> the project, then, here are couples of issues I found out, as below:
>
> Q4: What versions of python have already been supported inside the
> project?

This should work with both Python 2.6 and Python 2.7

>
> Q5: Why isn't dependency related to PostgreSQL used in the project
> checked in this _check_bootstrap_dependencies() function when bootstrap
> via fab?

_check_bootstrap_dependencies() does check the postgresql dependencies.
postgresql-plpython-9.1 is checked for and that brings in the rest of
postgres.

> Q6: Does this deploy() function under /to/the/project/fabtasks seem not
> to work to some extent, does it?

This was intended to deploy against Amazon EC2, but hasn't been used
for a long time now. Don't really know if it still works.

>
> Q7: Is there a lack of best practicals of deploying a SSO site against
> the project, especially lack of how to configure apache2 and mod_wsgi to
> serve up it?
>

Not sure I understand what you mean.

Samuel Omlin (samuel-omlin) said :
#7

Hi Ricardo,

Thanks for your quick reply.

For Q5, what I want to say is all about the whole dependency on postgresql, instead of only checking the part of it which is for the interface between python and postgresql, namely postgresql-plpython, even also including postgresql itself. If so, that would be straightforward for starters like me.

With regard to Q7, all I really need is step-by-step instructions for how to deploy an OpenID-based SSO site taking advantage of the project--Canonical SSO Provider. If you guys can provide that for starters like me, it would make life easier, just like here (http://www.foxhop.net/django-virtualenv-apache-mod_wsgi).

Also, the last statement in _is_true() in development.py under /to/the/project/fabtasks is most likely incompatible with python2.6 and only compatible with python2.7 or later:
def _is_true(arg, name):
    if arg.lower() in ('t', 'true', 'on', '1', 'yes'):
        return True
    elif arg.lower() in ('f', 'false', 'off', '0', 'no'):
        return False
    raise ArgumentError(
- - - "Argument {!r} should be boolean, was {!r}".format(name, arg))

Thanks a lot.

Yours truly,
Samuel

Samuel Omlin (samuel-omlin) said :
#8

Hi Ricardo,

When running fab bootstrap with the latest code of the project, some errors were showing up in the terminal.
[localhost] local: /usr/lib/config-manager/cm.py update /tmp/tmpz_qwvL
Traceback (most recent call last):
  File "/usr/lib/config-manager/cm.py", line 30, in <module>
    main(sys.argv)
  File "/usr/lib/pymodules/python2.6/config_manager/__init__.py", line 384, in main
    config.update(os.path.abspath(os.curdir))
  File "/usr/lib/pymodules/python2.6/config_manager/__init__.py", line 91, in update
    entry.update(dir)
  File "/usr/lib/pymodules/python2.6/config_manager/__init__.py", line 306, in update
    return self.build(path)
  File "/usr/lib/pymodules/python2.6/config_manager/__init__.py", line 280, in build
    raise ValueError("unknown url type '%s'" % self.url)
ValueError: unknown url type 'bzr+ssh://bazaar.launchpad.net/~canonical-isd-hackers/isd-configs/sso-config;revno=267'

So, please check if there is something wrong with this URL "bzr+ssh://bazaar.launchpad.net/~canonical-isd-hackers/isd-configs/sso-config;revno=267" inside requirements/config-manager.txt.

Thanks a lot.

Yours truly,
Samuel

Ricardo Kirkner (ricardokirkner) said :
#9

Samuel,

> When running fab bootstrap with the latest code of the project, some errors were showing up in the terminal.
> [localhost] local: /usr/lib/config-manager/cm.py update /tmp/tmpz_qwvL
> Traceback (most recent call last):
> File "/usr/lib/config-manager/cm.py", line 30, in <module>
> main(sys.argv)
> File "/usr/lib/pymodules/python2.6/config_manager/__init__.py", line 384, in main
> config.update(os.path.abspath(os.curdir))
> File "/usr/lib/pymodules/python2.6/config_manager/__init__.py", line 91, in update
> entry.update(dir)
> File "/usr/lib/pymodules/python2.6/config_manager/__init__.py", line 306, in update
> return self.build(path)
> File "/usr/lib/pymodules/python2.6/config_manager/__init__.py", line 280, in build
> raise ValueError("unknown url type '%s'" % self.url)
> ValueError: unknown url type 'bzr+ssh://bazaar.launchpad.net/~canonical-isd-hackers/isd-configs/sso-config;revno=267'
>
> So, please check if there is something wrong for this url
> "bzr+ssh://bazaar.launchpad.net/~canonical-isd-hackers/isd-configs/sso-
> config;revno=267" inside requirements/config-manager.txt.
>

This is a very recent change that we haven't yet documented. Please
remove the line about the sso-config branch before bootstrapping.

Ricardo

Samuel Omlin (samuel-omlin) said :
#10

Hi Ricardo,

Can you guys open up the branch on launchpad called "bazaar.launchpad.net/~canonical-isd-hackers/isd-configs/sso-config;revno=267"?

Thanks a lot.

Yours truly,
Samuel

Samuel Omlin (samuel-omlin) said :
#11

Hi Ricardo,

When configuring a vhost for login.example.org on apache2 with mod-wsgi running on Ubuntu server, I am getting some errors saying "can't import OopsWare from canonical.oops.wsgi". I then looked through the libraries under the virtual environment and found nothing to do with the canonical.oops package.

So, any ideas?

Thanks a lot.

Yours truly,
Samuel

Samuel Omlin (samuel-omlin) said :
#12

Hi Ricardo,

[error] [client 127.0.0.1] File "/home/www-data/login.example.org/.env/lib/python2.6/site-packages/django/conf/__init__.py", line 89, in __init__
 [error] [client 127.0.0.1] raise ImportError("Could not import settings '%s' (Is it on sys.path?): %s" % (self.SETTINGS_MODULE, e))
 [error] [client 127.0.0.1] ImportError: Could not import settings 'settings' (Is it on sys.path?): cannot import name schemaconfigglue

After checking out "schemaconfigglue" under "/home/www-data/login.example.org/.env/lib/python2.6/site-packages/configglue/glue.py", I found that "schemaconfigglue" is exactly there. But it's strange that apache2 still receives such errors when setting up django.wsgi in the vhost running on apache2 with mod-wsgi.

As a side note, I have already appended these paths to sys.path in django.wsgi, including "/home/www-data/login.example.org/django_project", "/home/www-data/login.example.org", "/home/www-data/login.example.org/.env/lib/python2.6/site-packages".

Thanks a lot.

Yours truly,
Samuel
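
An added illustration for the sys.path note in post #12 (not code from the thread or from the project): directories appended to sys.path are searched after the entries already there, so a system-wide copy of a package is found before the virtualenv's copy. The module demo_glue, its contents, the temporary directories and the helper names are constructed for the example, which shows the search-order rule only and is not a diagnosis of the error quoted above.

```python
# Runs on current Python 3; every path and module below is constructed.
import importlib.machinery
import importlib.util
import os
import tempfile


def write_module(directory, name, source):
    """Write a constructed single-file module; return its directory."""
    os.makedirs(directory, exist_ok=True)
    with open(os.path.join(directory, name + ".py"), "w") as fh:
        fh.write(source)
    return directory


def load_first_match(name, search_path):
    """Load `name` from the first entry of search_path that provides it,
    the first-match rule the import system applies to sys.path."""
    spec = importlib.machinery.PathFinder.find_spec(name, search_path)
    if spec is None:
        raise ImportError("no module named %s" % name)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def venv_first(existing_path, venv_site_packages, project_dirs):
    """Return a path list with the project and virtualenv directories
    ahead of everything already on the interpreter's path."""
    front = list(project_dirs) + [venv_site_packages]
    return front + [p for p in existing_path if p not in front]


def demo():
    base = tempfile.mkdtemp()
    # Stand-ins: an older system-wide copy and the newer virtualenv copy.
    system_dir = write_module(os.path.join(base, "dist-packages"),
                              "demo_glue", "VERSION = 'old'\n")
    venv_dir = write_module(os.path.join(base, ".env", "site-packages"),
                            "demo_glue", "VERSION = 'new'\nhelper = True\n")
    appended = [system_dir, venv_dir]   # what sys.path.append() produces
    reordered = venv_first([system_dir], venv_dir, [])
    stale = load_first_match("demo_glue", appended)
    fresh = load_first_match("demo_glue", reordered)
    return (stale.VERSION, hasattr(stale, "helper"), fresh.VERSION)


if __name__ == "__main__":
    print(demo())
```

In a WSGI script the same reordering would be applied to sys.path itself before the settings module is imported.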

Samuel Omlin (samuel-omlin) said :
#13

Hi Ricardo,

Now, I have already set up the SSO site with the project, although after struggling for a week.

Therefore, I would like to close the thread that I opened one week ago.

Thank you, Ricardo, for your help as well as for the project that you're now developing.

Thanks a lot.

Yours truly,
Samuel