Skip to content

suresh-krishnamurthy/ckanext-adfs

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ckanext-adfs

A CKAN extension for validating users against Microsoft's Active Directory Federated Services (ADFS) Single Sign On (SSO) API.

In layman's terms it lets you log in using some third-party source of authentication provided by Microsoft and beloved by BDOs (Big Dumb Orgs).

See the requirements.txt file for third party modules needed for this to work (lxml and M2Crypto). You'll also need the following packages installed:

  • libxml2
  • libxml2-dev
  • libxslt1.1
  • libxslt1-dev
  • openssl
  • libssl-dev
  • swig
  • python-dev

What is ADFS?

Microsoft's Azure cloud-based offering provides Active Directory Federated Services (ADFS for short). As far as we can tell these have absolutely nothing to do with the "traditional" LDAP/ActiveDirectory we love to loath but is a confusion thought up by their marketing department. In essence it is possible to create an "Active Directory" within Azure to define groups of users. ADFS is a way to allow such users to log in to some third party application (in this case it's your instance of CKAN) via said Azure active directory. For this to happen you'll need to create a new "application" (representing your CKAN instance) within the relevant Azure active directory. Microsoft have good documentation online for doing this (although see the caveat about UI changes below).

If you merely want to test this extension you can take out a free trial at the Azure website (although you'll need to provide credit card details to prove you're not a bot).

Configure:

In Azure ensure the following settings are correct for your application:

On the machine hosting your instance of CKAN:

Ensure all the requirements are installed (see requirements.txt for further details).

In your CKAN's settings.ini file you need to provide two settings in the [app:main] section:

  • adfs_wtrealm - the APP ID URI setting found in the "Get Started" / "Enable Users to Sign On" section on the "home" page for the application integrating with ADFS on the Azure website. This is usually the same as the APP ID URI you define in the settings for the application.
  • adfs_metadata_url - a URL pointing to a remote file called FederationMetadata.xml containing the ADFS_NAMESPACE and adfs_x509 related values. This URL is in the "Federation Metadata Document URL" value in the "Enable Users to Sign On" section of the Azure website (at current time of writing).

A WORD OF WARNING Microsoft appears to change its UI in the Azure website quite often so you may need to poke around to find the correct settings. It has been our experience that their otherwise excellent documentation doesn't always stay up-to-date and/or Google doesn't point to the most current version of the documentation. YMMV.

Development Environment:

Create a new virtualenv and install the requirements with the pip command:

$ mkvirtualenv foo
(foo)$ pip install -r requirements.txt

Alternatively, make sure you've installed the requirements in CKAN's own virtualenv.

To run the test suite type:

$ python -m unittest discover

All the heavy lifting for checking the response is done in the validation module.

About

Active Directory authentication for CKAN

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 84.0%
  • HTML 16.0%