Installation/Configuration

Assuming that you have installed all the required packages as described in :ref:`require-label` you can install the djnro platform application.

Currently the source code is availiable at code.grnet.gr and can be cloned via git::

git clone https://code.grnet.gr/git/djnro

As with the majority of Django projects, settings.py has to be properly configured and then comes the population of the database.

  • Copy the urls.py.dist to urls.py
  • Copy the settings.py.dist to settings.py
  • Copy the apache/django.wsgi.dist to apache/django.wsgi and edit according to your needs.

Project Settings (settings.py)

The following variables/settings need to be altered or set:

Set Admin contacts::

ADMINS = (
('Admin', ''),
)

Set the database connection params::

DATABASES = {
...
}

Set your timezone and Languages::

TIME_ZONE = 'Europe/Athens'
LANGUAGES = (
('el', _('Greek')),
('en', _('English')),
)

Set your static url::

STATIC_URL = '/example/static'

Django social auth needs changes in the Authentication Backends depending on which social auth you want to enable::

AUTHENTICATION_BACKENDS = (
'djnro.djangobackends.shibauthBackend.shibauthBackend',
...
'django.contrib.auth.backends.ModelBackend',
)

Set your template dirs::

TEMPLATE_DIRS = (
"/example/templates" # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates". # Always use forward slashes, even on Windows. # Don't forget to use absolute paths, not relative paths.
)

As the application includes a "Nearest Eduroam" functionality, world eduroam points are harvested via the eduroam.org kml file::

EDUROAM_KML_URL = 'http://monitor.eduroam.org/kml/all.kml'

Depending on your AAI policy set an appropriate authEntitlement

SHIB_AUTH_ENTITLEMENT = 'urn:mace:example.com:pki:user'

Mail server parameters::

SERVER_EMAIL = "Example domain eduroam Service <>" 
EMAIL_SUBJECT_PREFIX = "[eduroam] "

NRO contact mails::

NOTIFY_ADMIN_MAILS = ["", ""]

Set your cache backend (if you want to use one)::

CACHE_BACKEND = 'memcached://127.0.0.1:11211/?timeout=5184000'

NRO specific parameters. Affect html templates::

        # Frontend country specific vars, eg. Greece
    NRO_COUNTRY_NAME = _('My Country')
    # Variable used by context_processor to display the "eduroam | <country_code>" in base.html 
    NRO_COUNTRY_CODE = 'gr'
    # main domain url used in right top icon, eg. http://www.grnet.gr
    NRO_DOMAIN_MAIN_URL = "http://www.example.com" 
    # developer info for footer
    NRO_DEV_BY_DICT = {"name": "EXAMPLE DEV TEAM", "url": "http://devteam.example.com"}
    #NRO social media contact (Use: // to preserve https)
    NRO_DEV_SOCIAL_MEDIA_CONTACT = [
                                    {"url":"//soc.media.url", "icon":"icon.png", "name":"NAME1(eg. Facebook)"}, 
                                    {"url":"//soc.media.url", "icon":"icon.png",  "name":"NAME2(eg. Twitter)"},
                                    ]
    # map center (lat, lng)
    MAP_CENTER = (36.97, 23.71)
    #Helpdesk, used in base.html: 
    NRO_DOMAIN_HELPDESK_DICT = {"name": _("Domain Helpdesk"), 'email':'helpdesk@example.com', 'phone': '12324567890', 'uri': 'helpdesk.example.com'}
        

Set the Realm country for REALM model::

#Countries for Realm model:
REALM_COUNTRIES = (
('country_2letters', 'Country' ),
)

Shibboleth attribute MAP according to your AAI policy::

#Shibboleth attribute map
SHIB_USERNAME = ['HTTP_EPPN']
SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL']
SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME']
SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME']
SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT']

Django Social Auth parameters::

    TWITTER_CONSUMER_KEY = ''
    TWITTER_CONSUMER_SECRET = ''

    FACEBOOK_APP_ID = ''
    FACEBOOK_API_SECRET = ''

    LINKEDIN_CONSUMER_KEY        = ''
    LINKEDIN_CONSUMER_SECRET     = ''

    LINKEDIN_SCOPE = ['r_basicprofile', 'r_emailaddress']
    LINKEDIN_EXTRA_FIELD_SELECTORS = ['email-address', 'headline', 'industry']
    LINKEDIN_EXTRA_DATA = [('id', 'id'),
                           ('first-name', 'first_name'),
                           ('last-name', 'last_name'),
                           ('email-address', 'email_address'),
                           ('headline', 'headline'),
                           ('industry', 'industry')]

    YAHOO_CONSUMER_KEY = ''
    YAHOO_CONSUMER_SECRET = ''

    GOOGLE_SREG_EXTRA_DATA = []

    SOCIAL_AUTH_FORCE_POST_DISCONNECT = True

    FACEBOOK_EXTENDED_PERMISSIONS = ['email']

    SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/manage/'
    LOGIN_REDIRECT_URL = '/manage/'
    SOCIAL_AUTH_INACTIVE_USER_URL = '/manage/'

    SOCIAL_AUTH_FORCE_POST_DISCONNECT = True
    SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
    SOCIAL_AUTH_CREATE_USERS = True
    SOCIAL_AUTH_FORCE_RANDOM_USERNAME = False
    SOCIAL_AUTH_SANITIZE_REDIRECTS = False

    SOCIAL_AUTH_PIPELINE = (
        'social_auth.backends.pipeline.social.social_auth_user',
        'social_auth.backends.pipeline.user.get_username',
        'social_auth.backends.pipeline.user.create_user',
        'social_auth.backends.pipeline.social.associate_user',
        'social_auth.backends.pipeline.social.load_extra_data',
        'social_auth.backends.pipeline.user.update_user_details',
    )
        

Database Sync

Once you are done with settings.py run::

./manage.py syncdb

Create a superuser, it comes in handy. And then run south migration to complete::

./manage.py migrate

Now you should have a clean database with all the tables created.

Running the server

We suggest going via Apache with mod_wsgi. Below is an example configuration::

    WSGIDaemonProcess    djnro        processes=3 threads=20 display-name=%{GROUP}
    WSGIProcessGroup    djnro

    ...

    <VirtualHost *:443>
        ServerName        example.com
        ServerAdmin        admin@example.com
        ServerSignature        On

        SSLEngine on
        SSLCertificateFile    ...
        SSLCertificateChainFile ...
        SSLCertificateKeyFile    ...

        # Shibboleth SP configuration
        ShibConfig        /etc/shibboleth/shibboleth2.xml
        Alias            /shibboleth-sp    /usr/share/shibboleth

        # Integration of Shibboleth into Django app:

        <Location /login>
            AuthType shibboleth
            ShibRequireSession On
            ShibUseHeaders On
            require valid-user
        </Location>

        <Location /Shibboleth.sso>
            SetHandler shib
        </Location>

        Alias /static         /path/to/djnro/static
        WSGIScriptAlias /      /path/to/djnro/apache/django.wsgi
    </VirtualHost>

Info: It is strongly suggested to allow access to /admin|overview|alt-login ONLY from trusted subnets.

Once you are done, restart apache.

Initial Data

What you really need in the first place is a Realm record along with one or more contacts related to that Realm. Go via the Admin interface, and add a Realm (remember to have set the REALM_COUNTRIES in settings.py).
The approach in the application is that the NRO sets the environment for the local eduroam admins. Towards that direction, the NRO has to insert the initial data for his/her clients/institutions in the Institutions Model

Next Steps (Set your Logo)

The majority of branding is done via the NRO variables in settings.py. You might also want to change the logo of the application. Inside the static/img/eduroam_branding folder you will find the xcf (Gimp) logo files logo_holder, logo small. Edit with Gimp according to your needs and save as logo_holder.png and logo_small.png inside the static/img folder