IP-login on your local system
Monolith Setup
You need to have a running monolith application (configfrontend) on your local machine.
To enable the SSO IP-login, turn on the ip-login-enabled toggle in Unleash: https://app.unleash-hosted.com/gold/projects/user-authentication-services/features/ip-login-enabled
Note: After toggling the feature in Unleash, it can take up to 5 minutes to see the change.
Now, on any page visit, the SSO IP-login will be active, but you might not get logged in automatically because your IP is not yet eligible.
Statista 4.0 Setup
When running Statista 4.0 applications, you don't need to enable SSO IP-login as it is enabled by default.
On any page visit, the SSO IP-login will be active, but you might not get logged in automatically because your IP is not yet eligible.
Complications with our Windscribe VPN
For IP-login testing on stage and production, we use a special Windscribe VPN account with a fixed IP address. This IP address is linked to a user eligible for IP-login.
Unfortunately, we cannot use this VPN for local testing as we need a connection to the development user database. This is only possible from certain IP ranges, such as the office network or our Statista VPN. Connecting to the Windscribe VPN will cause the connection to the development user database to fail, resulting in errors from the locally running monolith.
Enable Current IP
To test the IP-login, you need to prepare your test user and enable your IP to be eligible.
Prepare test user
The test user linked to the IP CIDR must have certain attributes.
You can simply link this user:
- 4376390 - cpe-test+1@statista.com
If you want to use a different user, update the user either via the CRM (recommended) or by updating the data in the database. The user needs the following attributes:
idAccountStatus = 2(activated account)isAllowIPLogin = 1(IP-login enabled)
Adding your IP
The next step is linking the test user to your IP. Look up your public IP on a website like https://ipaddress.my.
:warning: When running the monolith on your local machine, you need to be connected to the Statista VPN. Enabling the VPN IP for IP-login will cause everyone using the local development with enabled SSO IP-login to be automatically logged in. Your activities might interfere with these of other developers. To minimize impact, please disable the link as soon as you finish your testing activities.
Use the CRM to open your test user and enter the IP range for the IP-login. Use the smallest IP range possible, which for a single IP address would be: 212.79.58.182/32.
If you cannot use the CRM, you can manually create a new entry in the usersIP table in the user database. Do this at your own risk.
Synchronizing IP CIDRs
Lastly, the newly created link needs to be synchronized with our internal Redis storage, where the lookup happens.
The "ip-login-synchronizer-service" handles this and runs every hour.
To check if the service has already executed or to trigger it manually, open the lambda on the AWS console. For a manual trigger, click the "Test" tab and then the orange "Test" button to invoke the function. Wait a bit to see if the function succeeded. You can open the logs from the box that shows up.
Verification
To verify you're really logged in via IP-login, please open: https://www.statista.test/sso/userinfo
Here you find an id that contains the Auth0 identifier. Make sure it starts with oauth2|ip-login|.