Authentication via AAF Rapid Connect
Allows AAF (Australian Access Federation) authentication to log into a CKAN installation.
Tested with CKAN 2.5.1, should be fairly easy to port across versions as the codebase is quite small - PR’s welcome! Requires an AAF ‘Rapid Conect’ application to be setup (see https://rapid.aaf.edu.au/ or https://rapid.test.aaf.edu.au/) For a live installation, will require SSL (as AAF will not allow callbacks to a non SSL URL)
To install ckanext-aaf:
Activate your CKAN virtual environment, for example:
Install the ckanext-aaf Python package into your virtual environment:
pip install ckanext-aaf
Add aaf to the ckan.plugins setting in your CKAN config file (by default the config file is located at /etc/ckan/default/production.ini).
Setup config settings (described below), required to decode the JWT tokens passed back by AAF.
Restart CKAN. For example if you’ve deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
These settings are required (the settings below will not work, register your own application!):
# The unique URL given by AAF Rapid Connect (get one from rapid.aaf.edu.au or rapid.test.aaf.edu.au) ckanext.aaf.url = https://rapid.aaf.edu.au/jwt/authnrequest/research/xxxxyyyzzzz # The secret used to set up the above URL ckanext.aaf.secret = asdfasdf#$#$#$asdfasdf # The URL of your application, as provided to Rapid Connect (doesn't have to match the callback URL) # Note this must match *exactly* what was provided to Rapid Connect - check the trailing slash! ckanext.aaf.aud = http://myappurl.edu.au
These settings are optional:
# Enables use of aaf's test rapid connect service https://rapid.test.aaf.edu.au # (defaults to using the live one https://rapid.aaf.edu.au ) ckanext.aaf.debug = False # Allows overriding of 'ckan.auth.create_user_via_web' so that AAF users can be # created even if normal registrations are disabled. Defaults to False ckanext.aaf.allow_creation_always = False
To install ckanext-aaf for development, activate your CKAN virtualenv and do:
git clone https://github.com/Psykar/ckanext-aaf.git cd ckanext-aaf pip install -e . pip install -r dev-requirements.txt
Running the Tests
To run the tests, do:
nosetests --nologcapture --with-pylons=test.ini
To run the tests and produce a coverage report, first make sure you have coverage installed in your virtualenv (pip install coverage) then run:
nosetests --nologcapture --with-pylons=test.ini --with-coverage --cover-package=ckanext.aaf --cover-inclusive --cover-erase --cover-tests
Releasing a New Version of ckanext-aaf
ckanext-aaf is availabe on PyPI as https://pypi.python.org/pypi/ckanext-aaf. To publish a new version to PyPI follow these steps:
Update the version number in the setup.py file. See PEP 440 for how to choose version numbers.
Create a source distribution of the new version:
python setup.py sdist
Upload the source distribution to PyPI:
python setup.py sdist upload
Tag the new release of the project on GitHub with the version number from the setup.py file. For example if the version number in setup.py is 0.0.2 then do:
git tag -a 0.0.2 git push --tags