Skip to main content

An extension for authentication with Keycloak

Project description

ckanext-keycloak - Keycloak authentication extension

Ckanext-keycloak is a extension for enalbing the user authentication with Keycloak, an open source software product to allow single sign-on with Identity Management and Access Management aimed at modern applications and services.

This extension provides an ability to let users use access-token from Keycloak server to access CKAN functions via CKAN REST Api.

Notes:

  • A new user will be created automatically in ckan database for the corresponding keycloak user if it does not exist.

  • Original ckan authentication still works normally with this extension.

Requirements

This extension was developed and tested under CKAN-2.7.3 and Keycloak-2.5.5

Installation

To install ckanext-keycloak:

  1. Activate your CKAN virtual environment, for example:

    . /usr/lib/ckan/default/bin/activate
  2. Install the ckanext-keycloak Python package into your virtual environment:

    pip install ckanext-keycloak
  3. Add keycloak setting in your CKAN config file (by default the config file is located at /etc/ckan/default/production.ini) as follows:

    ckan.plugins = keycloak <other-plugins>
    ckan.keycloak.authorization_endpoint = http://localhost/auth
    ckan.keycloak.realm = master
    ckan.keycloak.client_id = client_id
    ckan.keycloak.client_secret = client_secret
    ckan.keycloak.sysadmin_group_name = admin
    ckan.keycloak.profile_group_field = group
    ckan.keycloak.profile_username_field = preferred_username
    ckan.keycloak.profile_email_field = email
    ckan.keycloak.profile_fullname_field = name
  4. Restart CKAN. For example if you’ve deployed CKAN with Apache on Ubuntu:

    sudo service apache2 reload

Development Installation

To install ckanext-keycloak for development, activate your CKAN virtualenv and do:

git clone https://github.com/etri-odp/ckanext-keycloak.git
cd ckanext-keycloak
python setup.py develop
pip install -r dev-requirements.txt

Running the Tests

To run the tests, do:

nosetests --nologcapture --with-pylons=test.ini

To run the tests and produce a coverage report, first make sure you have coverage installed in your virtualenv (pip install coverage) then run:

nosetests --nologcapture --with-pylons=test.ini --with-coverage --cover-package=ckanext.keycloak --cover-inclusive --cover-erase --cover-tests

Registering ckanext-keycloak on PyPI

ckanext-keycloak should be availabe on PyPI as https://pypi.python.org/pypi/ckanext-keycloak. If that link doesn’t work, then you can register the project on PyPI for the first time by following these steps:

  1. Create a source distribution of the project:

    python setup.py sdist
  2. Register the project:

    python setup.py register
  3. Upload the source distribution to PyPI:

    python setup.py sdist upload
  4. Tag the first release of the project on GitHub with the version number from the setup.py file. For example if the version number in setup.py is 0.0.1 then do:

    git tag 0.0.1
    git push --tags

Acknowledgements

This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2017-00253, Development of an Advanced Open Data Distribution Platform based on International Standards)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ckanext-keycloak-0.0.1.tar.gz (20.1 kB view hashes)

Uploaded Source

Built Distribution

ckanext_keycloak-0.0.1-py2-none-any.whl (18.3 kB view hashes)

Uploaded Python 2

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page