Skip to content

Commit

Permalink
Update CMS docs to mention a non-SSO route for local dev, too
Browse files Browse the repository at this point in the history
  • Loading branch information
@stevejalim @alexgibson
stevejalim authored and alexgibson committed Jul 10, 2024
1 parent b25605f commit c4581f4
Showing 1 changed file with 11 additions and 14 deletions.
25 changes: 11 additions & 14 deletions docs/cms.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,20 +115,17 @@ we need to.
Infrastructure notes
--------------------

SSO setup
~~~~~~~~~

When the env vars `OIDC_RP_CLIENT_ID` and `OIDC_RP_CLIENT_SECRET` are present and
`USE_SSO_AUTH` is set to True in settings, Bedrock will use Mozilla SSO instead of
username + password to sign in. The deployed sites will have these set, but we
also have credentials available for using SSO locally if you need to develop something
that needs it - see our password vault.

Note that Bedrock in SSO mode will not support 'drive by' user creation even if
they have an @mozilla.com identity. Only users who already exist in the Wagtail
admin as a User will be allowed to log in. You can create new users using Django's
`createsuperuser`_ command, setting both the username and email do be your
``[email protected]`` LDAP address
SSO authentication setup
========================

When the env vars ``OIDC_RP_CLIENT_ID`` and ``OIDC_RP_CLIENT_SECRET`` are present and ``USE_SSO_AUTH`` is set to True in settings, Bedrock will use Mozilla SSO instead of Django's default username + password approach to sign in. The deployed sites will have these set, but we also have credentials available for using SSO locally if you need to develop something that needs it - see our password vault.

Note that Bedrock in SSO mode will `not` support 'drive by' user creation even if they have an ``@mozilla.com`` identity. Only users who already exist in the Wagtail admin as a User will be allowed to log in. You can create new users using Django's `createsuperuser`_ command, setting both the username and email to be your ``[email protected]`` LDAP address

Non-SSO authentication for local builds
=======================================
If you just want to use a username and password locally, you can - ensure those env vars above are not set, and use Django's `createsuperuser`_ command to make an admin user in your local build.


.. _Wagtail CMS: https://wagtail.org/
.. _Editor Guide: https://guide.wagtail.org/en-latest/
Expand Down

0 comments on commit c4581f4

Please sign in to comment.