Documentation
Complete guide to implementing Canopy Security Framework
Quick Start Guide
developer@il4-env:~$ pip install canopy-auth
Installing canopy-auth v1.2.0...
$ canopy init-admin
✓ Admin user initialized
✓ Database created
✓ IL4+ compliance validated
Setup complete! Visit /canopy/setup for configuration.
Getting Started
System Requirements
- Python 3.8+ with Flask
- PostgreSQL 13+ (encrypted)
- Linux/Windows Server
- 4GB RAM minimum
- FIPS 140-2 Level 3 HSM (optional)
Prerequisites
- IL4+ environment access
- Azure AD admin rights
- DoD PKI certificates (optional)
- CANOPY_SECRET_KEY configured
- Database connection string
Installation
Step-by-Step Installation
1. Install Core Package
Install the core authentication framework via pip.
pip install canopy-auth
2. Initialize Admin User
Set up admin user and database using the CLI tool.
canopy init-admin
3. Configure Environment
Set essential IL4+ environment variables.
export CANOPY_SECRET_KEY=your-secure-key
export CANOPY_DATABASE_URI=postgresql://user:pass@host/db
4. Access Setup Wizard
Complete configuration via the web-based setup wizard.
python app.py
# Visit: http://localhost:5000/canopy/setup
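A preflight check for the two variables exported in Step 3, as an added example that is not part of Canopy's own code or documentation. It assumes the key should be at least 32 characters and that the "encrypted" PostgreSQL requirement includes TLS on the connection, enforced through libpq's sslmode URI parameter; the function names are hypothetical.

```python
import os
import secrets
from urllib.parse import parse_qs, urlsplit

PLACEHOLDER_KEY = "your-secure-key"    # literal value shown in Step 3
PLACEHOLDER_CREDS = ("user", "pass")   # literal credentials shown in Step 3
TLS_SSLMODES = {"require", "verify-ca", "verify-full"}  # libpq modes that enforce TLS
MIN_KEY_LEN = 32                       # assumption: minimum acceptable key length


def generate_secret_key():
    """Return a random key: 48 bytes from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(48)


def check_canopy_env(env):
    """Return findings for the Step 3 variables; an empty list means pass."""
    findings = []

    key = env.get("CANOPY_SECRET_KEY", "")
    if not key:
        findings.append("CANOPY_SECRET_KEY is not set")
    elif key == PLACEHOLDER_KEY:
        findings.append("CANOPY_SECRET_KEY is the documentation placeholder")
    elif len(key) < MIN_KEY_LEN or len(set(key)) < 16:
        findings.append("CANOPY_SECRET_KEY is too short or too repetitive")

    uri = env.get("CANOPY_DATABASE_URI", "")
    if not uri:
        findings.append("CANOPY_DATABASE_URI is not set")
        return findings
    parts = urlsplit(uri)
    # Accept driver-qualified schemes such as postgresql+psycopg2
    if parts.scheme.split("+")[0] not in ("postgresql", "postgres"):
        findings.append("CANOPY_DATABASE_URI is not a PostgreSQL URI")
    if (parts.username, parts.password) == PLACEHOLDER_CREDS:
        findings.append("CANOPY_DATABASE_URI uses the placeholder credentials")
    sslmode = parse_qs(parts.query).get("sslmode", [""])[-1]
    if sslmode not in TLS_SSLMODES:
        findings.append("CANOPY_DATABASE_URI does not enforce TLS (sslmode)")
    return findings


if __name__ == "__main__":
    # Check the current shell environment before starting app.py
    for finding in check_canopy_env(os.environ):
        print("FAIL:", finding)
```

Run it in the same shell session as the exports, before `python app.py`; no output means both variables passed.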
Configuration
GCC-High Settings
- TENANT_ID: Your GCC-High tenant identifier
- CLIENT_ID: Application registration ID
- CLIENT_SECRET: Secure client secret (HSM stored)
- REDIRECT_URI: OAuth2 redirect endpoint
Security Settings
- FIPS_MODE: Enable FIPS 140-2 cryptography
- HSM_PROVIDER: Hardware Security Module provider
- AUDIT_LOG_LEVEL: Audit logging verbosity
- SESSION_TIMEOUT: Maximum session duration
API Reference
Authentication Endpoints
- GET /auth/authorize: Initiate OIDC authentication flow
- POST /auth/token: Exchange authorization code for access token
- GET /auth/userinfo: Retrieve authenticated user information
- POST /auth/logout: Terminate user session and revoke tokens
Additional Resources
Official Documentation
Community Support
Need Help?
Professional support available for government deployments