From b21e9421cd3eb8050acdf9dd53cfb459230b0d91 Mon Sep 17 00:00:00 2001 From: mheder Date: Thu, 29 Feb 2024 13:40:55 +0100 Subject: [PATCH] Update README.md (#215) extending the documentation with the enabling step --- README.md | 61 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index f09c0c59..1110a478 100644 --- a/README.md +++ b/README.md @@ -54,28 +54,6 @@ you have at least the following parameters set: 'database.username' => 'user', 'database.password' => 'password', -### Run database migrations - -The module comes with some default SQL migrations which set up needed tables in the configured database. To run them, -open the _Federation_ tab from your _SimpleSAMLphp_ installation and select the option _OpenID Connect Installation_ -inside the _Tools_ section. Once there, all you need to do is press the _Install_ button and the schema will be created. - -Alternatively, in case of automatic / scripted deployments, you can run the 'install.php' script from the command line: - - php modules/oidc/bin/install.php - -### Relying Party (RP) Administration - -The module lets you manage (create, read, update and delete) approved RPs from the module user interface itself. - -Once the database schema has been created, you can open the _Federation_ tab from your _SimpleSAMLphp_ installation -and select the option _OpenID Connect Client Registry_ inside the _Tools_ section. - -Note that clients can be marked as confidential or public. If the client is not marked as confidential (it is public), -and is using Authorization Code flow, it will have to provide PKCE parameters during the flow. - -Client ID and secret will be generated, and can be seen after the client creation by clicking on the 'show' button. - ### Create RSA key pair During the authentication flow, generated ID Token and Access Token will be in a form of signed JSON Web token (JWS). @@ -99,6 +77,43 @@ or use your passphrase if provided on private key generation: If you use a passphrase, make sure to also configure it in the `module_oidc.php` config file. +### Enabling the module + +At this point we can enable the module by adding `'oidc' => true` to the list of enabled modules in the main simplesamlphp configuration file, `config/config.php`. + + 'module.enable' => [ + 'exampleauth' => false, + 'core' => true, + 'admin' => true, + 'saml' => true, + // enable oidc module + 'oidc' => true + ], + +This is required the enable the module on the _Federation_ tab in the admin web interface, which can be used in the next two steps to finalize the installation. + +### Run database migrations + +The module comes with some default SQL migrations which set up needed tables in the configured database. To run them, +open the _Federation_ tab from your _SimpleSAMLphp_ installation and select the option _OpenID Connect Installation_ +inside the _Tools_ section. Once there, all you need to do is press the _Install_ button and the schema will be created. + +Alternatively, in case of automatic / scripted deployments, you can run the 'install.php' script from the command line: + + php modules/oidc/bin/install.php + +### Relying Party (RP) Administration + +The module lets you manage (create, read, update and delete) approved RPs from the module user interface itself. + +Once the database schema has been created, you can open the _Federation_ tab from your _SimpleSAMLphp_ installation +and select the option _OpenID Connect Client Registry_ inside the _Tools_ section. + +Note that clients can be marked as confidential or public. If the client is not marked as confidential (it is public), +and is using Authorization Code flow, it will have to provide PKCE parameters during the flow. + +Client ID and secret will be generated, and can be seen after the client creation by clicking on the 'show' button. + ### Cron hook In order to purge expired tokens, this module requires [cron module](https://simplesamlphp.org/docs/stable/cron:cron) @@ -332,4 +347,4 @@ See [CONFORMANCE_TEST.md](CONFORMANCE_TEST.md) ## Have more questions? -Check the [FAQ](FAQ.md). \ No newline at end of file +Check the [FAQ](FAQ.md).