-
Notifications
You must be signed in to change notification settings - Fork 56
Integration between WSO2 IS and CKAN using OAuth2
NOTE 1: We need to make changes in both applications, i.e. WSO2 as well as CKAN.
NOTE 2: The given procedure has been tested with both WSO2-IS v5.3 and v5.5
- First, we need to install oauth2 plugin in ckan
pip install ckanext-oauth2
- After installing the plugin, add ‘oauth2’ in your
/etc/ckan/default/development.ini
file in plugins section - Now, add these following configurations in
/etc/ckan/default/development.ini
file.
- ckan.oauth2.authorization_endpoint = https:// wso2-instance-ip /oauth2/authorize
- ckan.oauth2.token_endpoint = https:// wso2-instance-ip /oauth2/token
- ckan.oauth2.profile_api_url = https:// wso2-instance-ip /oauth2/userinfo
- ckan.oauth2.client_id = (Will be shown in WSO2 side below)
- ckan.oauth2.client_secret = (Will be shown in WSO2 side below)
- ckan.oauth2.scope = all_info openid
- ckan.oauth2.rememberer_name = auth_tkt
- ckan.oauth2.profile_api_user_field = email
- ckan.oauth2.profile_api_fullname_field = displayName
- ckan.oauth2.profile_api_mail_field = email
-
Now, as we have completed all the changes at CKAN side, now we will move towards WSO2-IS.
-
After signing in WSO2-IS, click on add, under Service Providers section provide a name of service provider as – CKAN (anything of your choice) and description optional as shown below:
-
After pressing ‘Register’ button, further settings page will open up. After scrolling down, click on ‘Inbound Authentication Configuration’.
-
When you click on ‘Inbound Authentication Configuration’ , click on ‘configure’ and a new page for Registering New Application would open as shown below:
-
As shown above, tick on ‘Code’ grant types only and feed in you Callback URL as shown in the below format only by replacing
ckan-instance-url
with the URL of your running CKAN instance and click on add:Callback URL: http://ckan-instance-url/oauth2/callback
Rest all settings are same on the page.
-
Now, when we have registered the application in step 8,we would see a ‘Client Key’ and ‘Client Secret’ as shown below:
-
The Client-Key and Client-Secret shown above needs to be added in step 3 in configuration settings.
11.Now in claim configuration add these 2 claims as mandatory as shown below: i.e. Full name and email address and click update.
- Now, when we have completed the configuration at both WSO2 and CKAN
NOTE: Only in case, if your CKAN is running on http, then before running CKAN on paster serve, we need to execute the following command:
export OAUTHLIB_INSECURE_TRANSPORT= True
- Now we are set to go and Login in CKAN.