Sonar and Canary demo apps

How to set up the Sonar and Canary demo apps to use in the Maverics evaluation.

If you cannot use your own apps to complete the Maverics evaluation and/or cannot use the publicly hosted apps, you can stand up containers of Strata’s two demo apps to use in your evaluation.

Requirements

You will need Docker or a Docker-based container platform to run the containers.

  • Docker Desktop (Mac/Windows) OR Docker Engine v20.10.x or greater
  • Ports:
    • 8987 (Sonar demo app)
    • 8988 (Canary Bank demo app)

Pulling the images

  • docker pull strataidentity/sonar
  • docker pull strataidentity/canarybank

Running the containers for proxy app testing

You will need to map ports with the docker run command when instantiating each container. Each app has a built-in user and password.

Canary Bank

  1. From the docker CLI, run:
    docker run -p 8988:8988 strataidentity/canarybank canarybank
  2. In your browser, go to http://localhost:8988
    1. username: jdoe
    2. password: password

Sonar

This app requires the SM_USER header to complete an authorization. You can optionally set the firstname and lastname headers as well.

  1. From the docker CLI, run:
    docker run -p 8987:8987 strataidentity/sonar sonar
  2. In your browser, go to http://localhost:8987
    • username: jdoe
    • password: password

Running Sonar as an OIDC app

Requirements

  • Download the evaluation.zip here to get self-signed certs and the rootCA.pem file needed to set up Sonar.
  1. Using your preferred text editor, create a file called sonar.env.
  2. Copy and paste the following code in the sonar.env file and save.
    TLS_CERT=/localhost.pem
    TLS_KEY=/localhost-key.pem
    AUTH_PROVIDERS=[ { "name": "Maverics", "type": "oidc", "config": { "clientID": "clientID", "clientSecret": "clientSecret", "issuer": "https://localhost:8433", "redirectURL": "https://localhost:8987/auth/Maverics/callback" } } ]
  1. In the same directory, create a new file called docker-compose.yaml and copy and paste the following code.
version: "3.8"
services:
  sonar:
    image: strataidentity/sonar:latest
    hostname: sonar
    env_file:
      - ./sonar.env
    ports:
      - "8987:8987"
    restart: unless-stopped
    command: update-ca-certs
    network_mode: bridge
    extra_hosts:
      - localhost:host-gateway
    volumes:
      - ./rootCA.pem:/etc/ssl/certs/rootCA.pem
      - ./localhost.pem:/localhost.pem
      - ./localhost-key.pem:/localhost-key.pem
  1. In your OIDC app definition, set the following:
    • clientID: clientID
    • clientSecret: clientSecret
    • redirectURLs: https://localhost:8987/auth/Maverics/callback
  2. You can also set the following optional definitions, replacing yourIDP.yourClaim in each field:
  claimsMapping:
      email: yourIDP.yourClaim
      given_name: yourIDP.yourClaim
      family_name: yourIDP.yourClaim
  1. In your OIDC auth provider definition, set the following:
    • issuer: https://localhost:8443
  2. Start the orchestrator by running the Maverics binary file in your working directory. Important: The orchestrator must be running before you start the Sonar app.
  3. In your terminal window or command line, run:
docker-compose up

The expected output will be as follows:

staging-eval-sonar-1  | 2023/11/15 18:31:03 Starting the server [::]:8987
  1. Go to the Sonar app at https://localhost:8987 and click Login with Maverics to start the OIDC login flow.
  2. To stop the services defined in the Compose file, you can run the following command:
docker-compose down

This will stop and remove all the containers created by the Compose file.

ℹ️
Canary Bank also supports OIDC. You can follow the same steps to run Canary Bank as an OIDC app by modifying the ports to use 8988 and the Docker image to canarybank:latest.

Running Canary Bank as a SAML app

Requirements

  • Download the evaluation.zip here to get self-signed certs and the rootCA.pem file needed to set up Sonar.
  1. Using your preferred text editor, create a file called canary.env.
  2. Copy and paste the following code in the canary.env file and save.
    TLS_CERT=/localhost.pem
    TLS_KEY=/localhost-key.pem
    AUTH_PROVIDERS=[ { "name": "Maverics", "type": "saml", "config": { "metadataURL": "https://localhost:8433/metadata", "serviceProviderIssuer": "https://localhost:8988", "assertionConsumerServiceURL": "https://localhost:8988/auth/Maverics/callback", "audienceURI": "https://localhost:8988" } } ]
  1. In the same directory, create a new file called docker-compose.yaml and copy and paste the following code.
version: "3.8"
services:
  canarybank:
    image: strataidentity/canarybank:latest
    hostname: canarybank
    env_file:
      - ./canary.env
    ports:
      - "8988:8988"
    restart: unless-stopped
    command: update-ca-certs
    network_mode: bridge
    extra_hosts:
      - localhost:host-gateway
    volumes:
      - ./rootCA.pem:/etc/ssl/certs/rootCA.pem
      - ./localhost.pem:/localhost.pem
      - ./localhost-key.pem:/localhost-key.pem
  1. In your SAML app definition, set the following:
    • audience: https://localhost:8988
    • Assertion Consumer Service (ACS) URL: https://localhost:8988/auth/Maverics/callback
  2. You can also set the following optional definitions, replacing yourIDP.yourClaim in each field:
  claimsMapping:
      email: yourIDP.yourClaim
      given_name: yourIDP.yourClaim
      family_name: yourIDP.yourClaim
  1. In your SAML auth provider definition, set the following:
    • issuer: https://localhost:8433
  2. Start the orchestrator by running the Maverics binary file in your working directory. Important: The orchestrator must be running before you start the Canary Bank app.
  3. In your terminal window or command line, run:
docker-compose up

The expected output will be as follows:

staging-eval-canarybank-1  | 2023/11/15 18:31:03 Starting the server [::]:8987
  1. Go to the Canary Bank app at https://localhost:8988 and click Login with Maverics to start the SAML login flow.
  2. To stop the services defined in the Compose file, you can run the following command:
docker-compose down

This will stop and remove all the containers created by the Compose file.

ℹ️
Sonar also supports SAML. You can follow the same steps to run Sonar as a SAML app by modifying the ports to use 8987 and the Docker image to sonar:latest.
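
The env files in the OIDC and SAML procedures above have to agree with the orchestrator address and with the port each app is published on. The following check is an added example, not Strata's code: `check_env`, `origin` and `SPEC` are hypothetical names. It assumes the callback path is /auth/<provider name>/callback (the pattern in the URLs above) and that the SAML metadataURL is served from the same origin as the orchestrator's issuer.

```python
import json
from urllib.parse import urlsplit

# Provider type -> (key pointing at the orchestrator, key holding the app's
# callback URL), as used in the env files on this page.
SPEC = {"oidc": ("issuer", "redirectURL"),
        "saml": ("metadataURL", "assertionConsumerServiceURL")}

# The page's sonar.env, reproduced here so the check runs offline.
SONAR_ENV = """TLS_CERT=/localhost.pem
TLS_KEY=/localhost-key.pem
AUTH_PROVIDERS=[ { "name": "Maverics", "type": "oidc", "config": { "clientID": "clientID", "clientSecret": "clientSecret", "issuer": "https://localhost:8433", "redirectURL": "https://localhost:8987/auth/Maverics/callback" } } ]
"""


def origin(url):
    """Scheme, host and port: the parts of two URLs that must agree."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port)


def check_env(env_text, app_port, orchestrator_issuer):
    """Return findings for one env file; an empty list means it is consistent."""
    pairs = (line.strip().split("=", 1) for line in env_text.splitlines() if "=" in line)
    env = {k.strip(): v.strip() for k, v in pairs}
    findings = [f"{k} is not set" for k in ("TLS_CERT", "TLS_KEY") if k not in env]
    try:
        providers = json.loads(env.get("AUTH_PROVIDERS", ""))
    except json.JSONDecodeError:
        return findings + ["AUTH_PROVIDERS is not valid JSON"]
    for p in providers:
        name, cfg = p.get("name"), p.get("config", {})
        keys = SPEC.get(p.get("type"))
        if keys is None or any(k not in cfg for k in keys):
            findings.append(f"{name}: unknown type or missing URL keys")
            continue
        idp_key, cb_key = keys
        findings += [f"{name}: {k} is not https" for k in keys
                     if urlsplit(cfg[k]).scheme != "https"]
        if origin(cfg[idp_key]) != origin(orchestrator_issuer):
            findings.append(f"{name}: {idp_key} does not match {orchestrator_issuer}")
        cb = urlsplit(cfg[cb_key])
        if (cb.port, cb.path) != (app_port, f"/auth/{name}/callback"):
            findings.append(f"{name}: {cb_key} is not port {app_port} /auth/{name}/callback")
    return findings


if __name__ == "__main__":
    print(check_env(SONAR_ENV, 8987, "https://localhost:8443"))
```

The call in the last line uses the issuer value given in the OIDC auth provider step (port 8443) and reports that the issuer in sonar.env (port 8433) does not match it; the same function accepts canary.env with app port 8988.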