Skip to content

Integration between WSO2 IS and CKAN using OAuth2

Álvaro Arranz edited this page Nov 20, 2018 · 5 revisions

NOTE 1: We need to make changes in both applications, i.e. WSO2 as well as CKAN.

NOTE 2: The given procedure has been tested with both WSO2-IS v5.3 and v5.5

  1. First, we need to install oauth2 plugin in ckan
    • pip install ckanext-oauth2
  2. After installing the plugin, add ‘oauth2’ in your /etc/ckan/default/development.ini file in plugins section
  3. Now, add these following configurations in /etc/ckan/default/development.ini file.

Configuration Settings:

  • ckan.oauth2.authorization_endpoint = https:// wso2-instance-ip /oauth2/authorize
  • ckan.oauth2.token_endpoint = https:// wso2-instance-ip /oauth2/token
  • ckan.oauth2.profile_api_url = https:// wso2-instance-ip /oauth2/userinfo
  • ckan.oauth2.client_id = (Will be shown in WSO2 side below)
  • ckan.oauth2.client_secret = (Will be shown in WSO2 side below)
  • ckan.oauth2.scope = all_info openid
  • ckan.oauth2.rememberer_name = auth_tkt
  • ckan.oauth2.profile_api_user_field = email
  • ckan.oauth2.profile_api_fullname_field = displayName
  • ckan.oauth2.profile_api_mail_field = email
  1. Now, as we have completed all the changes at CKAN side, now we will move towards WSO2-IS.

  2. After signing in WSO2-IS, click on add, under Service Providers section provide a name of service provider as – CKAN (anything of your choice) and description optional as shown below:

below

  1. After pressing ‘Register’ button, further settings page will open up. After scrolling down, click on ‘Inbound Authentication Configuration’.

  2. When you click on ‘Inbound Authentication Configuration’ , click on ‘configure’ and a new page for Registering New Application would open as shown below:

below

  1. As shown above, tick on ‘Code’ grant types only and feed in you Callback URL as shown in the below format only by replacing ckan-instance-url with the URL of your running CKAN instance and click on add:

    Callback URL: http://ckan-instance-url/oauth2/callback

    Rest all settings are same on the page.

  2. Now, when we have registered the application in step 8,we would see a ‘Client Key’ and ‘Client Secret’ as shown below: below

  3. The Client-Key and Client-Secret shown above needs to be added in step 3 in configuration settings.

11.Now in claim configuration add these 2 claims as mandatory as shown below: i.e. Full name and email address and click update.

below

  1. Now, when we have completed the configuration at both WSO2 and CKAN

NOTE: Only in case, if your CKAN is running on http, then before running CKAN on paster serve, we need to execute the following command:

  • export OAUTHLIB_INSECURE_TRANSPORT= True
  1. Now we are set to go and Login in CKAN.