Skip to main content

Authentication via AAF Rapid Connect

Project description Downloads Latest Version Supported Python versions Development Status License


Allows AAF (Australian Access Federation) authentication to log into a CKAN installation.


Tested with CKAN 2.5.1, should be fairly easy to port across versions as the codebase is quite small - PR’s welcome! Requires an AAF ‘Rapid Conect’ application to be setup (see or For a live installation, will require SSL (as AAF will not allow callbacks to a non SSL URL)


To install ckanext-aaf:

  1. Activate your CKAN virtual environment, for example:

    . /usr/lib/ckan/default/bin/activate
  2. Install the ckanext-aaf Python package into your virtual environment:

    pip install ckanext-aaf
  3. Add aaf to the ckan.plugins setting in your CKAN config file (by default the config file is located at /etc/ckan/default/production.ini).

  4. Setup config settings (described below), required to decode the JWT tokens passed back by AAF.

  5. Restart CKAN. For example if you’ve deployed CKAN with Apache on Ubuntu:

    sudo service apache2 reload

Config Settings

These settings are required (the settings below will not work, register your own application!):

# The unique URL given by AAF Rapid Connect (get one from or
ckanext.aaf.url =
# The secret used to set up the above URL
ckanext.aaf.secret = asdfasdf#$#$#$asdfasdf
# The URL of your application, as provided to Rapid Connect (doesn't have to match the callback URL)
# Note this must match *exactly* what was provided to Rapid Connect - check the trailing slash!
ckanext.aaf.aud =

These settings are optional:

# Enables use of aaf's test rapid connect service
# (defaults to using the live one )
ckanext.aaf.debug = False
# Allows overriding of 'ckan.auth.create_user_via_web' so that AAF users can be
# created even if normal registrations are disabled. Defaults to False
ckanext.aaf.allow_creation_always = False

Development Installation

To install ckanext-aaf for development, activate your CKAN virtualenv and do:

git clone
cd ckanext-aaf
pip install -e .
pip install -r dev-requirements.txt

Running the Tests

To run the tests, do:

nosetests --nologcapture --with-pylons=test.ini

To run the tests and produce a coverage report, first make sure you have coverage installed in your virtualenv (pip install coverage) then run:

nosetests --nologcapture --with-pylons=test.ini --with-coverage --cover-package=ckanext.aaf --cover-inclusive --cover-erase --cover-tests

Releasing a New Version of ckanext-aaf

ckanext-aaf is availabe on PyPI as To publish a new version to PyPI follow these steps:

  1. Update the version number in the file. See PEP 440 for how to choose version numbers.

  2. Create a source distribution of the new version:

    python sdist
  3. Upload the source distribution to PyPI:

    python sdist upload
  4. Tag the new release of the project on GitHub with the version number from the file. For example if the version number in is 0.0.2 then do:

    git tag -a 0.0.2
    git push --tags

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ckanext-aaf-0.0.8.tar.gz (9.3 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page