Installation/Configuration

Contents

• Installation/Configuration
  • Project Settings (settings.py)
  • Database Sync
  • Running the server
  • Initial Data
  • Next Steps (Set your Logo)

Assuming that you have installed all the required packages as described in Required Packages you can install the djnro platform application.

Currently the source code is availiable at code.grnet.gr and can be cloned via git:

git clone https://code.grnet.gr/git/djnro

As with the majority of Django projects, settings.py has to be properly configured and then comes the population of the database.

• Copy the urls.py.dist to urls.py
• Copy the settings.py.dist to settings.py
• Copy the apache/django.wsgi.dist to apache/django.wsgi and edit according to your needs.

Project Settings (settings.py)

The following variables/settings need to be altered or set:

Set Admin contacts:

ADMINS = (
     ('Admin', 'admin@example.com'),
)

Set the database connection params:

DATABASES = {
    ...
}

Set your timezone and Languages:

TIME_ZONE = 'Europe/Athens'

LANGUAGES = (
    ('el', _('Greek')),
    ('en', _('English')),
)

Set your static url:

STATIC_URL = '/example/static'

Django social auth needs changes in the Authentication Backends depending on which social auth you want to enable:

AUTHENTICATION_BACKENDS = (
    'djnro.djangobackends.shibauthBackend.shibauthBackend',
        ...
        'django.contrib.auth.backends.ModelBackend',
)

Set your template dirs:

TEMPLATE_DIRS = (
    "/example/templates"
    # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

As the application includes a “Nearest Eduroam” functionality, world eduroam points are harvested via the eduroam.org kml file:

EDUROAM_KML_URL = 'http://monitor.eduroam.org/kml/all.kml'

Depending on your AAI policy set an appropriate authEntitlement

SHIB_AUTH_ENTITLEMENT = ‘urn:mace:example.com:pki:user‘

Mail server parameters:

SERVER_EMAIL = "Example domain eduroam Service <noreply@example.com>"
EMAIL_SUBJECT_PREFIX = "[eduroam] "

NRO contact mails:

NOTIFY_ADMIN_MAILS = ["mail1@example.com", "mail2@example.com"]

Set your cache backend (if you want to use one):

CACHE_BACKEND = 'memcached://127.0.0.1:11211/?timeout=5184000'

Models Name_i18n and URL_i18n include a language choice field If languages are the same with LANGUAGES variable, simply do URL_NAME_LANGS = LANGUAGES else set your own:

URL_NAME_LANGS = (
        ('en', 'English' ),
        ('el', 'Ελληνικά'),
    )

NRO specific parameters. Affect html templates:

# Frontend country specific vars, eg. Greece
NRO_COUNTRY_NAME = _('My Country')
# Variable used by context_processor to display the "eduroam | <country_code>" in base.html
NRO_COUNTRY_CODE = 'gr'
# main domain url used in right top icon, eg. http://www.grnet.gr
NRO_DOMAIN_MAIN_URL = "http://www.example.com"
# provider info for footer
NRO_PROV_BY_DICT = {"name": "EXAMPLE DEV TEAM", "url": "http://devteam.example.com"}
#NRO social media contact (Use: // to preserve https)
NRO_PROV_SOCIAL_MEDIA_CONTACT = [
                                {"url":"//soc.media.url", "icon":"icon.png", "name":"NAME1(eg. Facebook)"},
                                {"url":"//soc.media.url", "icon":"icon.png",  "name":"NAME2(eg. Twitter)"},
                                ]
# map center (lat, lng)
MAP_CENTER = (36.97, 23.71)
#Helpdesk, used in base.html:
NRO_DOMAIN_HELPDESK_DICT = {"name": _("Domain Helpdesk"), 'email':'helpdesk@example.com', 'phone': '12324567890', 'uri': 'helpdesk.example.com'}

Set the Realm country for REALM model:

#Countries for Realm model:
REALM_COUNTRIES = (
             ('country_2letters', 'Country' ),
            )

Shibboleth attribute MAP according to your AAI policy:

#Shibboleth attribute map
SHIB_USERNAME = ['HTTP_EPPN']
SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL']
SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME']
SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME']
SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT']

Django Social Auth parameters:

TWITTER_CONSUMER_KEY = ''
TWITTER_CONSUMER_SECRET = ''

FACEBOOK_APP_ID = ''
FACEBOOK_API_SECRET = ''

LINKEDIN_CONSUMER_KEY        = ''
LINKEDIN_CONSUMER_SECRET     = ''

LINKEDIN_SCOPE = ['r_basicprofile', 'r_emailaddress']
LINKEDIN_EXTRA_FIELD_SELECTORS = ['email-address', 'headline', 'industry']
LINKEDIN_EXTRA_DATA = [('id', 'id'),
                       ('first-name', 'first_name'),
                       ('last-name', 'last_name'),
                       ('email-address', 'email_address'),
                       ('headline', 'headline'),
                       ('industry', 'industry')]

YAHOO_CONSUMER_KEY = ''
YAHOO_CONSUMER_SECRET = ''

GOOGLE_SREG_EXTRA_DATA = []

SOCIAL_AUTH_FORCE_POST_DISCONNECT = True

FACEBOOK_EXTENDED_PERMISSIONS = ['email']

SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/manage/'
LOGIN_REDIRECT_URL = '/manage/'
SOCIAL_AUTH_INACTIVE_USER_URL = '/manage/'

SOCIAL_AUTH_FORCE_POST_DISCONNECT = True
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
SOCIAL_AUTH_CREATE_USERS = True
SOCIAL_AUTH_FORCE_RANDOM_USERNAME = False
SOCIAL_AUTH_SANITIZE_REDIRECTS = False



SOCIAL_AUTH_PIPELINE = (
    'social_auth.backends.pipeline.social.social_auth_user',
    'social_auth.backends.pipeline.user.get_username',
    'social_auth.backends.pipeline.user.create_user',
    'social_auth.backends.pipeline.social.associate_user',
    'social_auth.backends.pipeline.social.load_extra_data',
    'social_auth.backends.pipeline.user.update_user_details',
)

Database Sync

Once you are done with settings.py run:

./manage.py syncdb

Create a superuser, it comes in handy. And then run south migration to complete:

./manage.py migrate

Now you should have a clean database with all the tables created.

Running the server

We suggest going via Apache with mod_wsgi. Below is an example configuration:

WSGIDaemonProcess       djnro           processes=3 threads=20 display-name=%{GROUP}
WSGIProcessGroup        djnro

...

<VirtualHost *:443>
        ServerName              example.com
        ServerAdmin             admin@example.com
        ServerSignature         On

        SSLEngine on
        SSLCertificateFile      ...
        SSLCertificateChainFile ...
        SSLCertificateKeyFile   ...

        # Shibboleth SP configuration
        ShibConfig              /etc/shibboleth/shibboleth2.xml
        Alias                   /shibboleth-sp  /usr/share/shibboleth

    # Integration of Shibboleth into Django app:

        <Location /login>
                AuthType shibboleth
                ShibRequireSession On
                ShibUseHeaders On
                require valid-user
        </Location>


        <Location /Shibboleth.sso>
                SetHandler shib
        </Location>


        Alias /static           /path/to/djnro/static
        WSGIScriptAlias /      /path/to/djnro/apache/django.wsgi
</VirtualHost>

Info: It is strongly suggested to allow access to /admin|overview|alt-login ONLY from trusted subnets.

Once you are done, restart apache.

Initial Data

What you really need in the first place is a Realm record along with one or more contacts related to that Realm. Go via the Admin interface, and add a Realm (remember to have set the REALM_COUNTRIES in settings.py). The approach in the application is that the NRO sets the environment for the local eduroam admins. Towards that direction, the NRO has to insert the initial data for his/her clients/institutions in the Institutions Model

Next Steps (Set your Logo)

The majority of branding is done via the NRO variables in settings.py. You might also want to change the logo of the application. Inside the static/img/eduroam_branding folder you will find the xcf (Gimp) logo files logo_holder, logo small. Edit with Gimp according to your needs and save as logo_holder.png and logo_small.png inside the static/img folder. To change the domain logo on top right, replace the static/img/right_logo_small.png file with your own logo (86x40).