This installation method is meant for those who are familiar with setting up local development environments on their machines. If you encounter errors, see Troubleshooting.
We recommend using Homebrew, rbenv, nvm or other version management tooling to install the below dependencies; while we don't anticipate changing these frequently, this will ensure that you will be able to easily switch to different versions as needed.
Installing the packages differs slightly if you're on a macOS or a different OS.
If using macOS:
- Install rbenv (lets you install and switch between different versions of Ruby)
- Install Ruby. Choose the version in the
.ruby-version
file - Skip to the set up local environment section. Your other dependencies will be installed in that step.
If not using macOS:
-
To start, make sure you have the following dependencies installed and a working development environment:
- rbenv (lets you install and switch between different versions of Ruby)
- Ruby. Choose the version in the
.ruby-version
file - PostgreSQL
- Redis 7+
- Node.js v22
- Yarn
- chromedriver
-
You will need to install openssl version 1.1:
- Run
brew install [email protected]
- Run
-
Test that you have Postgres and Redis running.
-
Continue to the set up local environment section.
-
Run the following command to set up your local environment:
$ make setup
This command copies sample configuration files, installs required gems and brew packages (if using macOS), and sets up the database. Check out our Makefile commands to learn more about what this command does.
-
Now that you have you have everything installed, you can run the following command to start your local server:
$ make run
You should now be able to go to open up your favorite browser, go to
localhost:3000
and see your local development environment running.
Typically, a person who uses Login.gov will arrive from a partner application, and their experience on Login.gov will be customized to incorporate the name and logo of the partner. They will also be asked to consent to share their information with the partner before being sent back.
To simulate a true end-to-end user experience, you can either...
-
Use the built-in test controller for SAML logins at http://localhost:3000/test/saml/login or OIDC logins at http://localhost:3000/test/oidc/login
Note: to update service provider configurations, run the command
rake db:seed
ormake setup
. -
Or, run a sample partner application, which is configured by default to run with your local IdP instance:
Running the sample application requires a few additional steps, but can be useful if you want to test the experience of a user being redirected to an external site, or if you want to configure different options of the authentication request, such as AAL or IAL.
The IdP's PIV/CAC features are not maintained as part of this codebase, and are instead managed in a
separate application whose code can be found in the 18F/identity-pki
GitHub repository.
In local development, you have two choices for working with PIV/CAC:
- Follow the setup instructions for
identity-pki
and run the application in parallel to the IdP. The IdP is configured by default to connect to the default port of a locally-runningidentity-pki
instance (http://localhost:8443) - Override application configuration to set
identity_pki_disabled: true
in your localconfig/application.yml
. This will allow you to simulate PKI results without having an instance running, and can be useful for testing different error scenarios or distinct PIV/CAC subject identifiers.
Login.gov uses the following tools for our testing:
To run our full test suite locally, use the following command:
$ make test
Running the full test suite takes a very long time, so usually you'll want to run the individual test files or folders you're interested in:
$ bundle exec rspec spec/i18n_spec.rb
Check out our Makefile commands and learn more about how you can customize this command to run specific tests using rspec: https://github.com/18F/identity-idp/blob/main/Makefile#L41
To test a specific spec file with rspec, you may need to add the following configuration to /config/application.yml
so the tests do not crash:
test:
rack_timeout_service_timeout_seconds: 9_999_999_999
By default, the acceptance specs use a headless browser for speed. If you want to see the browser, run the specs with SHOW_BROWSER=true
environment variable:
$ SHOW_BROWSER=true bundle exec rspec spec/features/
Tip
Only JavaScript-enabled tests are configured to run using a real browser, since browser tests are slow to run. If you have a feature test you want to run in a real browser, you can add the js
metadata to your test to mark it as requiring JavaScript:
it 'does something', :js do … end
To ensure that tests are run using the latest source code, JavaScript-enabled feature specs will
compile all JavaScript and stylesheets in local development. This can be time-consuming if you're
repeatedly running the same tests, so you can choose to skip the build by passing the
SKIP_BUILD=true
environment variable:
$ SKIP_BUILD=true bundle exec rspec spec/features
Since the automatic build is meant to act as a safeguard to prevent stale assets from being used,
disabling it will mean you're responsible for running the build any time JavaScript or Sass source
files are changed. You can do this by running yarn build:js
for JavaScript, or yarn build:css
for stylesheets.
In local development, the application does not deliver real email messages. Instead, we use a tool called letter_opener to display messages.
Letter opener will open each outgoing email in a new browser window or tab. In cases where this
will be annoying the application also supports writing outgoing emails to a file. To write emails
to a file add the following config to the development
group in config/application.yml
:
development:
development_mailer_deliver_method: file
After restarting the app emails will be written to the tmp/mails
folder.
To view email templates with placeholder values, visit http://localhost:3000/rails/mailers/ to see a list of template previews.
Login.gov translates the IdP into English, French and Spanish. To help us handle extra newlines and make sure we wrap lines consistently, we have a script that helps format YAML consistently. After importing translations (or making changes to the *.yml
files with strings), run this for the IdP app:
$ make normalize_yaml
If you would like to preview the translations on a particular page, use the Language dropdown in the footer of the website. To manually override a locale, add the locale as the first segment of the URL:
- http://localhost:3000 becomes http://localhost:3000/es
- http://localhost:3000/sign_up/enter_email becomes http://localhost:3000/es/sign_up/enter_email
To see outbound SMS messages and phone calls, visit http://localhost:3000/test/telephony
.
To view RISC Security Events push notifications delivered by the application, visit http://localhost:3000/test/push_notification.
Login.gov uses MaxMind Geolite2 for geolocation. To test geolocation locally, you will need to add a copy of the Geolite2-City database to the IdP.
The Geolite2-City database can be downloaded from MaxMind's site at https://dev.maxmind.com/geoip/geoip2/geolite2/.
Download the GeoIP2 Binary and save it at geo_data/GeoLite2-City.mmdb
.
The app will start using that Geolite2 file for geolocation after restart.
By default, the application binds to localhost
. To test on a local network device or within a virtual machine, you can bind to 0.0.0.0
. Before development, use the following instructions based on your machine's operating system.
- From the "Network" tab on:
-
Monterey and below
Once on "Network" system settings, your IP address is shown under "Status: Connected" label.
-
Ventura
Select "Wi-Fi" or "Ethernet". This option will change based on how you are connected to the internet. From there, click "Details".
IP addresses often take the format of
192.168.1.x
or10.0.0.x
.
- In
config/application.yml
, adddomain_name
andmailer_domain_name
keys underdevelopment
, like so:replacingdevelopment: domain_name: <your-local-ip>:3000 mailer_domain_name: <your-local-ip>:3000
<your-local-ip>
with the address you found in Step 1 - Start the server using the command
HOST=0.0.0.0 make run
- From on the same network, visit the application using the domain name configured in the second step (for example,
http://192.168.1.131:3000
).
Moble device instructions are here
$ make run-https
Or, to run on a different host:
$ HOST=0.0.0.0 make run-https
The run-https
Makefile target will automatically provision a self-signed certificate and start the built-in Rails server.
You can now navigate to https://localhost:3000/ .
It's likely that you'll be prompted with a screen with warnings about an unsafe connection. This is normal. Find the option on the screen to bypass the warning. It may be hidden under an "Advanced" toggle button. In Chrome, you may not see an option to bypass this screen. In these situations, type the letters thisisunsafe
while the screen is active, and you will be redirected automatically.
There was an initial attempt to dockerize the IDP but it is currently deprecated, mostly non-functional, and not maintained. There is ongoing work to make the IDP more 12 Factor compliant which will eventually lead to better support for containerization.
If you'd like to work with the previous implementation see the Docker documentation to install the IdP as a container.
Run make lint
to look for errors; make lintfix
can repair some linting errors.
Default configuration values — like feature flags, timeout settings, and third-party connection details — are found in config/application.yml.default
. From these defaults the file config/application.yml
is created during make setup
for use during local development. See the handbook.
In deployed environments, configuration values are managed with the app-s3-secret script. See the handbook.
We run background jobs / workers with ActiveJob and GoodJob. You shouldn't normally have to start it manually because make run
runs the Procfile
, which handles it. The manual command is: bundle exec good_job start
Processes can be configured to run via async jobs or synchronously using flags such as deliver_mail_async
in application.yml