Login.gov Integration
Touchpoints leverages Login.gov for authentication. This page outlines how the environments relate, how the integration works, and notes on Development.
- Touchpoints Production - Login.gov Production
- Touchpoints Demo - Login.gov Integration
- Touchpoints Staging - Login.gov Integration
- Touchpoints Development - Login.gov local instance - identity_idp
The Touchpoints Rails application uses OmniAuth's Login.gov integration to enable OpenID Connect (OAuth) authentication.
When logging in, Touchpoints redirects the user to Login.gov, where MFA is enforced for successful authentication, then the user is redirected back to Touchpoints.
On the initial login, the user will be prompted to authorize the Touchpoints application, and after approval, the user is redirected to Touchpoints.
On subsequent logins, the user will be redirected directly to Touchpoints, and see a flash message indicating "Successful Auth from Login.gov."
Once authenticated, Touchpoints is responsible for expiring user sessions. Touchpoints expires user sessions after 15 minutes of inactivity.
- Add the OmniAuth plugin for Login.gov to the Touchpoints Rails app
- See Login.gov Identity Provider if doing local development with Login.gov
  - if you get a `username` not found error when creating the `upaya` databases, run `createdb`
  - install Node 8 with `brew install node@8` and put it in your path
  - install Yarn with `npm install -g yarn`
  - then run `bundle` and the `make setup` steps outlined by `identity-idp`
Run `openssl req -nodes -newkey rsa:2048 -x509 -keyout touchpoints-env.pem -out touchpoints-env.crt` to generate keys. This will generate a `.crt` and a `.pem` file.
- Copy the contents of `touchpoints-env.pem` to the env variable `LOGIN_GOV_PRIVATE_KEY` when running Touchpoints
- Copy the contents of `touchpoints-env.crt` to login.gov's app, if using the web, or in the login.gov `service_providers.yml` configuration file, if developing locally.