# cnBolt-Extensions-SSO

SSO Connector for Bolt

This extension adds a new black button on Bolt's login page. The button leads to **bolt/sso-login**, a special page that includes the **SSO-SDK**'s login scripts.

On a successful SSO login, the extension will create a new user (if not already done) based on the SSO user's data. These properties are special:

- **username** the username of the SSO user plus the suffix "@sso", to avoid conflicts with a real Bolt user of the same name
- **email** `@` this string will be used to identify the user. The real email is not known to us and is not needed, as the SSO itself takes care of password resets and similar
- **password** a randomly generated string. This password is never used.

## Installation

To install and configure the extension, you need to follow these steps.

**Add the extension**

Add the extension like this (if you have condé-nast satis already installed).

```
# add sso-sdk repository and install to bolt
composer config repositories.repo-name vcs https://github.com/CondeNastDigital/cnSSOSDK.git
composer require cnd/sso-sdk

# add extension
cd extensions
composer require cnd/sso
cd ..
```

**Create client keys**

Each application (called client from the SSO's point of view) needs a public and private key in RSA format. You can create new keys with these commands inside the project's root folder.

```
openssl genrsa -out app/config/extensions/bolt-private.key 2048
openssl rsa -in app/config/extensions/bolt-private.key -out app/config/extensions/bolt-private.key
openssl rsa -pubout -in app/config/extensions/bolt-private.key -out app/config/extensions/bolt-public.key
```

**Provide SSO public key**

The extension needs a copy of the SSO's public key to authenticate responses from there. Copy the key to your extension config folder.

```
# If you have the cnServiceSSO project downloaded in your projects folder, run this
cp ../cnServiceSSO/app/config/sso-public.key app/config/extensions
```

**Configure client inside the SSO**

Log in to the SSO with administrator privileges and navigate to this link: http://sso.condenastdigital.de/control/clients/create

Fill out the form and add the newly created **public** key. After saving, note the generated UID.

The client **must have these options configured**

- **Active**
- **Needs Invite**
- **API access**

Also change the configured rights to look like this

- 1 Redakteur
- 2 Chefredakteur
- 8 Administrator

**Configure your extension**

This is the standard configuration, valid for almost all cases. Copy this to `app/config/extensions/sso.cnd.yml`. The `xxxxxxxxxxxxxxxx` needs to be replaced with the UID from the SSO client administration.

```
sso:
    client-uid: xxxxxxxxxxxxxxxx
    client-private-key: bolt-private.key
    sso-url: https://sso.condenastdigital.de
    sso-public-key: sso-public.key
    sso-verify-cert: false
    roles:
        editor: 1
        chief-editor: 2
        admin: 8
```

**Add Bolt Admin user**

Since we will no longer have `root` users with our SSO system, we need one new user for this. The password can be found in CNKees.

```
app\nut user:add cnbolt "Bolt Main Admin" cndevteam@condenastdigital.de
```

## Quick Installation

See above for exact explanations. You can run all of this as one command sequence if you know what you are doing:

```
composer config repositories.repo-name vcs https://github.com/CondeNastDigital/cnSSOSDK.git
composer require cnd/sso-sdk
cd extensions
composer require cnd/sso
cd ..
openssl genrsa -out app/config/extensions/bolt-private.key 2048
openssl rsa -in app/config/extensions/bolt-private.key -out app/config/extensions/bolt-private.key
openssl rsa -pubout -in app/config/extensions/bolt-private.key -out app/config/extensions/bolt-public.key
cp ../cnServiceSSO/app/config/sso-public.key app/config/extensions
php vendor\bolt\bolt\app\nut user:add cnbolt "Bolt Main Admin" cndevteam@condenastdigital.de
```
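
A pre-deployment check for the "Configure your extension" and "Create client keys" steps, as an added example that is not part of the extension or the original README: it reads `sso.cnd.yml` and reports a `client-uid` left at the placeholder, a non-HTTPS `sso-url`, `sso-verify-cert: false`, missing key files, and a private key readable by group or others. The function names and finding codes are hypothetical, and treating `sso-verify-cert` as the TLS certificate verification switch is an assumption based on the key's name.

```python
import os
import re
import stat
import tempfile

def parse_flat_yaml(text):
    """Collect 'key: value' pairs from sso.cnd.yml; nesting is ignored."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"^([\w-]+):\s*(\S.*)$", line.split("#", 1)[0].strip())
        if m:
            pairs[m.group(1)] = m.group(2).strip("'\"")
    return pairs

def audit(config_dir, config_name="sso.cnd.yml"):
    """Return sorted finding codes (hypothetical names) for the config in config_dir."""
    with open(os.path.join(config_dir, config_name), encoding="utf-8") as fh:
        cfg = parse_flat_yaml(fh.read())
    findings = []
    uid = cfg.get("client-uid", "")
    if not uid or set(uid.lower()) == {"x"}:
        findings.append("client-uid-placeholder")
    if not cfg.get("sso-url", "").lower().startswith("https://"):
        findings.append("sso-url-not-https")
    # Assumption: this key controls TLS certificate verification towards sso-url.
    if cfg.get("sso-verify-cert", "").lower() in ("false", "no", "off", "0"):
        findings.append("cert-verification-disabled")
    for key in ("client-private-key", "sso-public-key"):
        path = os.path.join(config_dir, cfg.get(key, ""))
        if not cfg.get(key) or not os.path.isfile(path):
            findings.append(key + "-missing")
        elif key == "client-private-key" and os.name == "posix":
            # Only the owning account should be able to read the private key.
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append("private-key-group-or-world-accessible")
    return sorted(findings)

if __name__ == "__main__":
    # Constructed demo: the README's template config plus empty stand-in key files.
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "sso.cnd.yml"), "w", encoding="utf-8") as fh:
            fh.write("sso:\n  client-uid: xxxxxxxxxxxxxxxx\n"
                     "  client-private-key: bolt-private.key\n"
                     "  sso-url: https://sso.condenastdigital.de\n"
                     "  sso-public-key: sso-public.key\n  sso-verify-cert: false\n")
        for name in ("bolt-private.key", "sso-public.key"):
            open(os.path.join(d, name), "w").close()
            os.chmod(os.path.join(d, name), 0o644)
        print(audit(d))
```

Call `audit("app/config/extensions")` from the project root after installation; an empty list means none of these checks fired.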