# ckanext-msal
This extension allows you to sign in users with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts). It uses [Microsoft MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-python) library.
It works with Microsoft 365 accounts. But in future, the situation could change.
## Requirements
Compatibility with core CKAN versions:
| CKAN version | Compatible? |
| --------------- | ------------- |
| 2.7 and earlier | no |
| 2.8 | no |
| 2.9 | no |
| 2.10.0+ | yes |
## Installation
To install ckanext-msal:
1. Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate
2. Clone the source and install it on the virtualenv
git clone https://github.com/mutantsan/ckanext-msal.git
cd ckanext-msal
pip install -e .
pip install -r requirements.txt
3. Add `msal` to the `ckan.plugins` setting in your CKAN
config file (by default the config file is located at
`/etc/ckan/default/ckan.ini`).
4. Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
## Config settings
# The application client id. Mandatory option.
ckanext.msal.client_id = 000000-0000-0000-0000-00000000000
# The client secret. Mandatory option.
ckanext.msal.client_secret = 000000-0000-0000-0000-00000000000
# The tenant ID. If it's not provided, the common one for multi-tenant app will be used.
# In this case, the application is not guaranteed to work properly.
# (optional, default: 'common').
ckanext.msal.tenant_id = 000000-0000-0000-0000-00000000000
# The redirect path should be setted up in Azure AD web app config.
# It handles the response from Microsoft.
# (optional, default: "/get_msal_token").
ckanext.msal.redirect_path
# While the session lifespan could be manage only in Azure AD conditional policies panel,
# this option actually implies how often do we send a test request for the Microsoft Graph API
# to check if our Access token is still alive.
# (optional, default: 3600, in seconds).
ckanext.msal.session_lifetime = 3600
# The list of restricted email domains. User won't be able to login under
# an email with those domains (optional, default: None)
ckanext.msal.restrict.domain_list = gmail.com, onmicrosoft.com
# The list of allowed email domains. User won't be able to login under
# any other emails (optional, default: None)
ckanext.msal.restrict.allowed_domain_list = protonmail.com, orgname.onmicrosoft.com
# A message that will be shown to users with a restricted domain
# (optional, default: "Your email domain is restricted. Please, contact site admin.")
ckanext.msal.restrict.error_message
## Developer installation
To install ckanext-msal for development, activate your CKAN virtualenv and
do:
git clone https://github.com/mutantsan/ckanext-msal.git
cd ckanext-msal
python setup.py develop
pip install -r dev-requirements.txt
## Tests
If you changed something - be sure to run tests before merging your changes. To run tests, do:
pytest --ckan-ini=test.ini
## License
[AGPL](https://www.gnu.org/licenses/agpl-3.0.en.html)
Raw data
{
"_id": null,
"home_page": "https://github.com/mutantsan/ckanext-msal",
"name": "ckanext-msal",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "CKAN SSO,CKAN,Microsoft,SAML,MSAL",
"author": "Alexandr Cherniavskyi",
"author_email": "mutantsan@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/14/00/a30f375bff84394b5a80679780d9a6b19364599edc4a054c290c0c2061b6/ckanext-msal-1.5.0.tar.gz",
"platform": null,
"description": "# ckanext-msal\n\nThis extension allows you to sign in users with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts). It uses [Microsoft MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-python) library.\n\nIt works with Microsoft 365 accounts. But in future, the situation could change.\n\n## Requirements\n\nCompatibility with core CKAN versions:\n\n| CKAN version | Compatible? |\n| --------------- | ------------- |\n| 2.7 and earlier | no |\n| 2.8 | no |\n| 2.9 | no |\n| 2.10.0+ | yes |\n\n## Installation\n\nTo install ckanext-msal:\n\n1. Activate your CKAN virtual environment, for example:\n\n . /usr/lib/ckan/default/bin/activate\n\n2. Clone the source and install it on the virtualenv\n\n git clone https://github.com/mutantsan/ckanext-msal.git\n cd ckanext-msal\n pip install -e .\n\tpip install -r requirements.txt\n\n3. Add `msal` to the `ckan.plugins` setting in your CKAN\n config file (by default the config file is located at\n `/etc/ckan/default/ckan.ini`).\n\n4. Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:\n\n sudo service apache2 reload\n\n\n## Config settings\n\t# The application client id. Mandatory option.\n\tckanext.msal.client_id = 000000-0000-0000-0000-00000000000\n\n\t# The client secret. Mandatory option.\n\tckanext.msal.client_secret = 000000-0000-0000-0000-00000000000\n\n # The tenant ID. If it's not provided, the common one for multi-tenant app will be used.\n # In this case, the application is not guaranteed to work properly.\n # (optional, default: 'common').\n ckanext.msal.tenant_id = 000000-0000-0000-0000-00000000000\n\n # The redirect path should be setted up in Azure AD web app config.\n # It handles the response from Microsoft.\n # (optional, default: \"/get_msal_token\").\n ckanext.msal.redirect_path\n\n # While the session lifespan could be manage only in Azure AD conditional policies panel,\n # this option actually implies how often do we send a test request for the Microsoft Graph API\n # to check if our Access token is still alive.\n # (optional, default: 3600, in seconds).\n ckanext.msal.session_lifetime = 3600\n\n # The list of restricted email domains. User won't be able to login under\n # an email with those domains (optional, default: None)\n ckanext.msal.restrict.domain_list = gmail.com, onmicrosoft.com\n\n # The list of allowed email domains. User won't be able to login under\n # any other emails (optional, default: None)\n ckanext.msal.restrict.allowed_domain_list = protonmail.com, orgname.onmicrosoft.com\n\n # A message that will be shown to users with a restricted domain\n # (optional, default: \"Your email domain is restricted. Please, contact site admin.\")\n ckanext.msal.restrict.error_message\n\n## Developer installation\n\nTo install ckanext-msal for development, activate your CKAN virtualenv and\ndo:\n\n git clone https://github.com/mutantsan/ckanext-msal.git\n cd ckanext-msal\n python setup.py develop\n pip install -r dev-requirements.txt\n\n\n## Tests\n\nIf you changed something - be sure to run tests before merging your changes. To run tests, do:\n\n pytest --ckan-ini=test.ini\n\n\n## License\n\n[AGPL](https://www.gnu.org/licenses/agpl-3.0.en.html)\n",
"bugtrack_url": null,
"license": "AGPL",
"summary": "Login to CKAN using The Microsoft Authentication Library (MSAL)",
"version": "1.5.0",
"project_urls": {
"Homepage": "https://github.com/mutantsan/ckanext-msal"
},
"split_keywords": [
"ckan sso",
"ckan",
"microsoft",
"saml",
"msal"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "f30e2b1639897f47ead5f0011edacf5dca19a282f4da1de827249d8c5221838b",
"md5": "76728604a7b150cbe59b1f3e08a1d2f2",
"sha256": "be27f832087c638e8c15e196c42b2dfa7c4bcdd00a24f51e6a96a69f061f74d0"
},
"downloads": -1,
"filename": "ckanext_msal-1.5.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "76728604a7b150cbe59b1f3e08a1d2f2",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 25996,
"upload_time": "2023-05-25T07:10:22",
"upload_time_iso_8601": "2023-05-25T07:10:22.808449Z",
"url": "https://files.pythonhosted.org/packages/f3/0e/2b1639897f47ead5f0011edacf5dca19a282f4da1de827249d8c5221838b/ckanext_msal-1.5.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "1400a30f375bff84394b5a80679780d9a6b19364599edc4a054c290c0c2061b6",
"md5": "829b5fc07c4ee9197e8a463b97008bdc",
"sha256": "4a153dc0007a1b9e778104d8e04038474b819df9ac8c6ab9beec61c052ac7102"
},
"downloads": -1,
"filename": "ckanext-msal-1.5.0.tar.gz",
"has_sig": false,
"md5_digest": "829b5fc07c4ee9197e8a463b97008bdc",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 24949,
"upload_time": "2023-05-25T07:10:24",
"upload_time_iso_8601": "2023-05-25T07:10:24.552153Z",
"url": "https://files.pythonhosted.org/packages/14/00/a30f375bff84394b5a80679780d9a6b19364599edc4a054c290c0c2061b6/ckanext-msal-1.5.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-05-25 07:10:24",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "mutantsan",
"github_project": "ckanext-msal",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"requirements": [
{
"name": "msal",
"specs": [
[
"==",
"1.7.0"
]
]
},
{
"name": "requests",
"specs": [
[
">=",
"2.27.0"
]
]
},
{
"name": "pyyaml",
"specs": [
[
"==",
"5.3.1"
]
]
},
{
"name": "python-dateutil",
"specs": [
[
"==",
"2.8.1"
]
]
}
],
"lcname": "ckanext-msal"
}