Skip to content

Integration between WSO2 IS and CKAN using OAuth2

Jump to bottom
Álvaro Arranz edited this page Nov 20, 2018 · 5 revisions

NOTE 1: We need to make changes in both applications, i.e. WSO2 as well as CKAN.

NOTE 2: The given procedure has been tested with both WSO2-IS v5.3 and v5.5

  1. First, we need to install oauth2 plugin in ckan
    • pip install ckanext-oauth2
  2. After installing the plugin, add ‘oauth2’ in your /etc/ckan/default/development.ini file in plugins section
  3. Now, add these following configurations in /etc/ckan/default/development.ini file.

Configuration Settings:

  • ckan.oauth2.authorization_endpoint = https:// wso2-instance-ip /oauth2/authorize
  • ckan.oauth2.token_endpoint = https:// wso2-instance-ip /oauth2/token
  • ckan.oauth2.profile_api_url = https:// wso2-instance-ip /oauth2/userinfo
  • ckan.oauth2.client_id = (Will be shown in WSO2 side below)
  • ckan.oauth2.client_secret = (Will be shown in WSO2 side below)
  • ckan.oauth2.scope = all_info openid
  • ckan.oauth2.rememberer_name = auth_tkt
  • ckan.oauth2.profile_api_user_field = email
  • ckan.oauth2.profile_api_fullname_field = displayName
  • ckan.oauth2.profile_api_mail_field = email

  1. Now, as we have completed all the changes at CKAN side, now we will move towards WSO2-IS.

  2. After signing in WSO2-IS, click on add, under Service Providers section provide a name of service provider as – CKAN (anything of your choice) and description optional as shown below:

below

  1. After pressing ‘Register’ button, further settings page will open up. After scrolling down, click on ‘Inbound Authentication Configuration’.

  2. When you click on ‘Inbound Authentication Configuration’ , click on ‘configure’ and a new page for Registering New Application would open as shown below:

below

  1. As shown above, tick on ‘Code’ grant types only and feed in you Callback URL as shown in the below format only by replacing ckan-instance-url with the URL of your running CKAN instance and click on add:

    Callback URL: http://ckan-instance-url/oauth2/callback

    Rest all settings are same on the page.

  2. Now, when we have registered the application in step 8,we would see a ‘Client Key’ and ‘Client Secret’ as shown below: below

  3. The Client-Key and Client-Secret shown above needs to be added in step 3 in configuration settings.

11.Now in claim configuration add these 2 claims as mandatory as shown below: i.e. Full name and email address and click update.

below

  1. Now, when we have completed the configuration at both WSO2 and CKAN

NOTE: Only in case, if your CKAN is running on http, then before running CKAN on paster serve, we need to execute the following command:

  • export OAUTHLIB_INSECURE_TRANSPORT= True
  1. Now we are set to go and Login in CKAN.
  1. Activating & Installing the plugin
  2. Starting CKAN over HTTPs
  3. Starting CKAN over HTTPs using Apache
  4. Starting CKAN over HTTPs using Nginx
  5. Starting CKAN over HTTPs using Apache and Nginx
  6. How it works?
Clone this wiki locally