Verify My Identity is a certified OpenID Connect Provider. Its supports advanced feastures such as role-based permissions relationships between organizations, staff users, and consumer users. Other features include:
- Trusted Referee Support - According to NIST Digital Identity Guidelines (SP 800-63-3).
- Support for upstream IdPs such as Okta, Ping and Google.
- Support for setting user's identity assurance and authenticator assurance levels.
- FIDO U2F / FIDO 2 Multi-factor authentication support
- Text Message Multi-factor authentication support
- Vectors of Trust
votSupport - Support for
documentandaddressclaims as defined in the iGov Profile for OIDC.
This project is based on Python 3.6 and Django 2.2.18.
Download the project:
git clone https://github.com/videntity/vmi.git
Install dev libraries
(Ubuntu/Debian)
sudo apt-get install python3.6-dev libsasl2-dev python-dev libldap2-dev libssl-dev
(RetHat/CentOS)
Install supporting libraries. (Consider using virtualenv for your python setup).
sudo yum install python-devel openldap-devel
cd vmi
pip install -r requirements.txt
Depending on your local environment you made need some supporting libraries
for the above command to run cleanly. For example you need a
compiler and python-dev.
Add some entries to your `/etc/hosts` file.
If running this OIDC server in conjunction with `oauth2org` (OAuth2 server)
on the same machine for development, then we recommend setting up names for each server host in `/etc/hosts`.
You might add lines like the following to `/etc/hosts` file:
127.0.0.1 verifymyidentity
127.0.0.1 oauth2org
Setup some local environment variables via whatever stategy you choose.
The default is using a `.env` file containing the following.
Set this variable specific toy your hostname and environment
export EC2PARAMSTORE_4_ENVIRONMENT_VARIABLES=".ENV"
export AWS_ACCESS_KEY_ID="YOUR_KEY_ID"
export AWS_SECRET_ACCESS_KEY="YOUR_SECRET"
export OIDC_PROVIDER="http://verifymyidentity:8000"
export OIDC_ISSUER="http://verifymyidentity:8000"
export HOSTNAME_URL="http://verifymyidentity:8000"
export ALLOWED_HOSTS="*"
export DJANGO_SUPERUSER_USERNAME="youruser"
export DJANGO_SUPERUSER_PASSWORD="yourpassword"
export DJANGO_SUPERUSER_EMAIL="[email protected]"
export DJANGO_SUPERUSER_FIRST_NAME="Super"
export DJANGO_SUPERUSER_LAST_NAME="User"
export FROM_EMAIL="[email protected]"
export ADMIN_EMAIL="[email protected]"
# If using Twilio for SMS delivery
export TWILIO_ACCOUNT_SID="ACcccXXXXXXXXXXXXXXXXXXXXXX"
export TWILIO_TOKEN="4161XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
export TWILIO_FROM_NUMBER="+12025555555"
# If using Sendgrid for email delivery
export SENDGRID_API_KEY="SG.FyxxxXXXXXXXXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXi0c0MuH3Af_g"
# Do some basic branding. (See the settings file for more options.)
export SUBJECT_LUHN_PREFIX = env('SUBJECT_LUHN_PREFIX', '012345')
export ORGANIZATION_NAME = env('DJANGO_APPLICATION_TITLE', "ACME Health")
# You may also override the top left project name
export TOP_LEFT_TITLE = env('TOP_LEFT_TITLE', 'verify my identity2')
export PARTNER_REF = env('PARTNER_REF', 'Partner Health')
This is how you can brand the project to your needs. A paid license is required to modify/brand VMI for your needs.
See the `settings.py` and for a full list. Below are some basic variable you may want to set.
Just add the above to a `.env` and then do a `source .env`. Without valid
AWS credentials email and SMS text functions will not work. The superuser settings
are used to create a default superuser.
Create the database:
python manage.py migrate
Create initial Groups and Permissions, and Organizations
python manage.py create_default_groups
python manage.py create_sample_organizations
Create a superuser (Optional)
python manage.py create_super_user_from_envars
In development our convention is to run `vmi` on port `8000` and `oauth2org` on 8001.
To start this server on port 8000 issue the following command.
python manage.py runserver
This will start the server on the default port of `8000`.
Docker Installation
-------------------
Alternatively, a Docker configuration is available in:
.development
By default the docker instance will be attached to
port **8000** on localhost
It will also configure a postgreSQL instance on port **5432**.
If you're working with a fresh db image
the migrations have to be run.
```
docker-compose -f .development/docker-compose.yml exec web python manage.py migrate
```
If you make changes to `requirements.txt` to add libraries re-run
`docker-compose` with the `--build` option.
After the VMI Docker container is completely setup, you execute Django
commands like so:
`docker-compose -f .development/docker-compose.yml exec web python manage.py`
## Associated Projects
[VerifyMyIdentity - VMI](https://github.com/videntity/vmi),
a standards-focused OpenID Connect Identity Provider.
[Oauth2org](https://github.com/TransparentHealth/oauth2org) is designed as a
consumer-mediated health information exchange. It is an OAuth2 Provider and FHIR Server.
ShareMyHealth acts as a relying party to
[vmi](https://github.com/videntity/vmi).
## Supporting Resources
vmi uses css resources from Bootstrap (v.3.3.x) and
Font-Awesome (v4.4.x).