Welcome to the Pennyminder Auth project! Pennyminder Auth is a simple Ruby on Rails 3.0 web application that financial institutions can run and host to provide authentication services to third party applications. Auth authorizes applications by using the (emerging) standard OAuth2 protocol. It is an Open Source project under the terms and conditions of the New BSD License. Why Pennyminder Auth? Why would you need to offer such a service? Initially, Pennyminder Cashbook (our White label PFM solution) would be the primary consumer of such authentication services (and we would really appreciate it if you were to take a look at our hosted PFM offering at http://www.pennyminder.com/ :). But beyond PFM, we see it as an enabling technology. A standardized authentication service would allow you to easily build and deploy additional consumer facing applications in a safe and secure way. And by using open standards such as OAuth2 Juno allows those applications to be built using whatever technologies make sense for those applications. Dependencies MongoDB (required by https://github.com/flowtown/rack-oauth2-server) JRuby 1.6.4 or Ruby 1.9.2 (Out of the box, Juno expects to be run under JRuby) Auth uses the following gems (and there should be some familiarity with them): - Devise - OmniAuth - rack-oauth2-server Getting Started 0) Edit config/database.yml 1) Create databases 2) Run migrations 3) run the server (jruby -S trinidad or rails s) - this starts up with the config/samplefi/config.rb configuration file. To run the server using a different configuration file, start it like so: FICONFIG=/path/to/config.rb jruby -S trinidad (or rails s) Create first admin account 4) Create a user (http://localhost:3000/users/sign_up and confirm account (the url is in the logs (and maybe your inbox too! :) ))) 5) rails console 6) u = User.find(1) 7) u.has_role!(:admin) Subsequent users can be turned into admins on the administrators page. Note, in case it's not clear, end users do NOT have accounts on this service. End users are authenticated (using a custom OmniAuth Strategy) against the core banking system. See lib/coreauth.rb Implementing for your financial institution We've tried to make this as turnkey as possible, but there are a few things you will need to do to integrate with your organization. 1) Setup local configuration 2) Theme the member login page 3) Implement an 'AuthClient' to interact with the host system Start by copying the sample configuration in config/samplefi/* into a new folder. Take a look at the files. The config.rb file is commented. Next you should look at the FinancialInstitutionConfig class and modify it to suite your needs. Lastly you will need to implement an 'authclient' class that talks to the core banking system to authenticate end users. There is a Java example in classes/MockAuthClient.java and an unfinished ruby example near the top (in the rescue block) of config/samplefi/config.rb We have an auth client available for ISO8583 based core banking systems (sadly, not open source). That should get you started, let support@pennyminder.com know if you have any questions. Need Help? Service, Support, Training and Custom Development are available from Sourdough Labs Research and Development Corp. Email Vince Hodges at support@pennyminder.com. Thanks to our sponsor! A great deal of the work on this project was sponsored by our first client and this project would not exist if it wasn't for their help and support.