Shibboleth identification plugin for CKAN 2.4.1. Uses repoze.who.openid plugin for authentication.
You can install ckanext-shibboleth with
pip install -e git+git://github.com/kata-csc/ckanext-shibboleth.git#egg=ckanext-shibboleth
To run tests type
$ python setup.py nosetests
who.ini configuration:
[plugin:shibboleth]
use = ckanext.repoze.who.shibboleth.plugin:make_identification_plugin
session = Shib-Session-ID
eppn = eppn
mail = mail
fullname = cn
# Add more key-worded parameters below
firstname = displayName
surname = sn
organization = schacHomeOrganization
mobile = mobile
telephone = telephoneNumber
[general]
request_classifier = repoze.who.classifiers:default_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider
[identifiers]
plugins =
shibboleth
friendlyform;browser
auth_tkt
[authenticators]
plugins =
ckanext.shibboleth.authenticator:ShibbolethAuthenticator
auth_tkt
ckan.lib.authenticator:UsernamePasswordAuthenticator
[challengers]
plugins =
shibboleth
If you can login to IdP but CKAN is not logging you in, try removing REMOTE_USER from ApplicationDefaults in /etc/shibboleth/shibboleth2.xml. This should work:
<ApplicationDefaults entityID="https://sp.mydomain.com/shibboleth">