An extension for authentication with Keycloak
Project description
ckanext-keycloak - Keycloak authentication extension
Ckanext-keycloak is a extension for enalbing the user authentication with Keycloak, an open source software product to allow single sign-on with Identity Management and Access Management aimed at modern applications and services.
This extension provides an ability to let users use access-token from Keycloak server to access CKAN functions via CKAN REST Api.
Notes:
A new user will be created automatically in ckan database for the corresponding keycloak user if it does not exist.
Original ckan authentication still works normally with this extension.
Requirements
This extension was developed and tested under CKAN-2.7.3 and Keycloak-2.5.5
Installation
To install ckanext-keycloak:
Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate
Install the ckanext-keycloak Python package into your virtual environment:
pip install ckanext-keycloak
Add keycloak setting in your CKAN config file (by default the config file is located at /etc/ckan/default/production.ini) as follows:
ckan.plugins = keycloak <other-plugins> ckan.keycloak.authorization_endpoint = http://localhost/auth ckan.keycloak.realm = master ckan.keycloak.client_id = client_id ckan.keycloak.client_secret = client_secret ckan.keycloak.sysadmin_group_name = admin ckan.keycloak.profile_group_field = group ckan.keycloak.profile_username_field = preferred_username ckan.keycloak.profile_email_field = email ckan.keycloak.profile_fullname_field = name
Restart CKAN. For example if you’ve deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
Development Installation
To install ckanext-keycloak for development, activate your CKAN virtualenv and do:
git clone https://github.com/etri-odp/ckanext-keycloak.git cd ckanext-keycloak python setup.py develop pip install -r dev-requirements.txt
Running the Tests
To run the tests, do:
nosetests --nologcapture --with-pylons=test.ini
To run the tests and produce a coverage report, first make sure you have coverage installed in your virtualenv (pip install coverage) then run:
nosetests --nologcapture --with-pylons=test.ini --with-coverage --cover-package=ckanext.keycloak --cover-inclusive --cover-erase --cover-tests
Registering ckanext-keycloak on PyPI
ckanext-keycloak should be availabe on PyPI as https://pypi.python.org/pypi/ckanext-keycloak. If that link doesn’t work, then you can register the project on PyPI for the first time by following these steps:
Create a source distribution of the project:
python setup.py sdist
Register the project:
python setup.py register
Upload the source distribution to PyPI:
python setup.py sdist upload
Tag the first release of the project on GitHub with the version number from the setup.py file. For example if the version number in setup.py is 0.0.1 then do:
git tag 0.0.1 git push --tags
Acknowledgements
This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2017-00253, Development of an Advanced Open Data Distribution Platform based on International Standards)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ckanext_keycloak-0.0.1-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | acbe0a9d046d0d8e39712f7d969d4f7f4d920a5983840d73a29abde21efafd5d |
|
MD5 | b5ef80224496564429de94b156fedce3 |
|
BLAKE2b-256 | 1abd05f70a19c027fe203a3bdb0619daae67a34d88609bd5408035fc594957fe |