ckanext-azure-auth
A CKAN extension. Adds authentication using Microsoft ADFS and Azure AD
Features
- Integrates CKAN with Active Directory on Windows 2012 R2, 2016 or Azure AD in the cloud.
- Provides seamless single sign-on (SSO) for CKAN projects in intranet environments.
- Can auto-create users.
- Stores access tokens in the user session for future use.
Requires Python packages: M2Crypto, pyjwt, xml_python
Linux packages:
apt install \
build-essential \
python3-dev \
libssl-dev \
swig
What is ADFS?
Azure Active Directory (Azure AD) is Microsoft’s enterprise cloud-based identity
and access management (IAM) solution. Azure AD is the backbone of the Office 365
system, and it can sync with on-premises Active Directory and provide authentication
to other cloud-based systems via OAuth or OpenID.
If you merely want to test this extension you can take out a free trial at the
Azure website (although you’ll need to provide credit card details to prove
you’re not a bot).
Configure:
- Configure ADFS
  * Register Azure APP
    * Single tenant (example based on this config)
Follow the django-auth-adfs configuration documentation for these steps.
On the machine hosting your instance of CKAN:
Ensure all the requirements are installed (see requirements.txt for further
details).
In your CKAN settings.ini file, add azure_auth to ckan.plugins in the [app:main] section:
[app:main]
ckan.plugins = stats text_view image_view recline_view azure_auth
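A pre-flight check for this configuration, as an added example that is not part of the extension's own code: it lints the [app:main] section for the plugin entry above and for the ckanext.azure_auth.* keys this README lists, treating the four keys shown with a <..uuid..> placeholder as UUIDs. The function name and the sample values are constructed for illustration.

```python
import configparser
import uuid

PREFIX = "ckanext.azure_auth."
# Keys the README shows with a <..uuid..> placeholder (assumed to be UUIDs).
UUID_KEYS = ("wtrealm", "tenant_id", "client_id", "audience")

# Constructed sample: plugin not enabled and two placeholders left in.
SAMPLE_INI = """
[app:main]
ckan.plugins = stats text_view image_view recline_view
ckanext.azure_auth.wtrealm = 11111111-2222-3333-4444-555555555555
ckanext.azure_auth.tenant_id = <..uuid..>
ckanext.azure_auth.client_id = 11111111-2222-3333-4444-555555555555
ckanext.azure_auth.audience = 11111111-2222-3333-4444-555555555555
ckanext.azure_auth.client_secret = <.. client secret ..>
"""


def check_azure_auth_config(ini_text):
    """Return a list of problems found in the [app:main] section."""
    # CKAN ini files use %(here)s, so disable interpolation when linting.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    if not parser.has_section("app:main"):
        return ["missing [app:main] section"]
    main = parser["app:main"]
    problems = []
    if "azure_auth" not in main.get("ckan.plugins", "").split():
        problems.append("azure_auth is not listed in ckan.plugins")
    for key in UUID_KEYS:
        value = main.get(PREFIX + key, "").strip()
        try:
            uuid.UUID(value)
        except ValueError:
            problems.append(f"{PREFIX}{key} is not a UUID")
    secret = main.get(PREFIX + "client_secret", "").strip()
    # A value still wrapped in <...> was copied from the README unchanged.
    if not secret or secret.startswith("<"):
        problems.append(f"{PREFIX}client_secret is empty or a placeholder")
    return problems


if __name__ == "__main__":
    for problem in check_azure_auth_config(SAMPLE_INI):
        print("config problem:", problem)
```
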
And these settings:
[app:main]
ckanext.azure_auth.wtrealm = <..uuid..>
ckanext.azure_auth.tenant_id = <..uuid..>
ckanext.azure_auth.client_id = <..uuid..>
ckanext.azure_auth.audience = <..uuid..>
ckanext.azure_auth.client_secret = <.. client secret ..>
# Allow plugin to create new users
ckanext.a