Login.gov Integration
Touchpoints leverages Login.gov for authentication. This page outlines how the environments relate, how the integration works, and notes on Development.
- Touchpoints Production - Login.gov Production
- Touchpoints Demo - Login.gov Integration
- Touchpoints Staging - Login.gov Integration
- Touchpoints Development - Login.gov local instance - `identity_idp`
The Touchpoints Rails application uses OmniAuth's Login.gov integration for OpenID/OAuth-based authentication.
When logging in, Touchpoints redirects the user to Login.gov, where MFA is enforced for successful authentication, then the user is redirected back to Touchpoints.
On the initial login, the user will be prompted to authorize the Touchpoints application, and after approval, the user is redirected to Touchpoints.
On subsequent logins, the user will be redirected directly to Touchpoints, and see a flash message indicating "Successful Auth from Login.gov."
Once authenticated, Touchpoints is responsible for expiring user sessions. Touchpoints expires user sessions after 15 minutes of inactivity.
- Add the OmniAuth plugin for Login.gov to the Touchpoints Rails app
- See Login.gov Identity Provider if doing local development with Login.gov
  - if you get a `username` not found when creating the `upaya` databases, run `createdb`
  - install Node 8 with `brew install node@8` and put it in your path.
  - install Yarn with `npm install -g yarn`
  - then run `bundle` and the `make setup` steps outlined by `identity-idp`
Run `openssl req -nodes -newkey rsa:2048 -x509 -keyout touchpoints-env.pem -out touchpoints-env.crt` to generate keys. This will generate a `.crt` and a `.pem` file.
- Copy the contents of `touchpoints-env.pem` to the env variable `LOGIN_GOV_PRIVATE_KEY` when running Touchpoints
- Copy the contents of `touchpoints-env.crt` to login.gov's app, if using the web, or in the login.gov `service_providers.yml` configuration file, if developing locally.
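
A pre-flight check for the key pair generated above, as an added example (not Touchpoints' or Login.gov's own code): it confirms that the value destined for `LOGIN_GOV_PRIVATE_KEY` parses as an RSA private key of at least 2048 bits, matches the certificate registered with Login.gov, and that the certificate has not expired (`openssl req -x509` without `-days` issues a 30-day certificate). The function names and the throwaway key pair are assumptions made for illustration.

```ruby
require "openssl"

# Env files often hold a PEM on one line with literal "\n"; restore real newlines.
def normalize_pem(value)
  value.to_s.gsub("\\n", "\n").strip + "\n"
end

# Returns [ok, reason] for the private key / certificate pair.
def check_login_gov_keypair(key_pem, cert_pem, now: Time.now)
  key = OpenSSL::PKey::RSA.new(normalize_pem(key_pem))
  cert = OpenSSL::X509::Certificate.new(normalize_pem(cert_pem))
  return [false, "not a private key"] unless key.private?
  return [false, "key smaller than 2048 bits"] if key.n.num_bits < 2048
  unless cert.check_private_key(key)
    return [false, "certificate does not match private key"]
  end
  return [false, "certificate expired"] if now > cert.not_after
  [true, "ok"]
rescue OpenSSL::PKey::PKeyError, OpenSSL::X509::CertificateError => e
  [false, "unparseable PEM: #{e.class}"]
end

# Constructed sample: a throwaway 2048-bit key and self-signed certificate,
# standing in for touchpoints-env.pem / touchpoints-env.crt.
def constructed_keypair(days: 30)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=touchpoints-env")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key.to_pem, cert.to_pem]
end

if $PROGRAM_NAME == __FILE__
  # Against the real files this would be:
  #   check_login_gov_keypair(ENV["LOGIN_GOV_PRIVATE_KEY"], File.read("touchpoints-env.crt"))
  key_pem, cert_pem = constructed_keypair
  p check_login_gov_keypair(key_pem, cert_pem)
  # Same key flattened to one line with escaped newlines, as env files often store it.
  p check_login_gov_keypair(key_pem.gsub("\n") { "\\n" }, cert_pem)
end
```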