# ckanext-msal
This extension allows you to sign in users with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts). It uses [Microsoft MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-python) library.
It works with Microsoft 365 accounts. But in future, the situation could change.
## Requirements
Compatibility with core CKAN versions:
| CKAN version | Compatible? |
| --------------- | ------------- |
| 2.7 and earlier | no |
| 2.8 | no |
| 2.9 | no |
| 2.10.0+ | yes |
## Installation
To install ckanext-msal:
1. Activate your CKAN virtual environment, for example:
. /usr/lib/ckan/default/bin/activate
2. Clone the source and install it on the virtualenv
git clone https://github.com/DataShades/ckanext-msal.git
cd ckanext-msal
pip install -e .
pip install -r requirements.txt
3. Add `msal` to the `ckan.plugins` setting in your CKAN
config file (by default the config file is located at
`/etc/ckan/default/ckan.ini`).
4. Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:
sudo service apache2 reload
## Config settings
# The application client id. Mandatory option.
ckanext.msal.client_id = 000000-0000-0000-0000-00000000000
# The client secret. Mandatory option.
ckanext.msal.client_secret = 000000-0000-0000-0000-00000000000
# The tenant ID. If it's not provided, the common one for multi-tenant app will be used.
# In this case, the application is not guaranteed to work properly.
# (optional, default: 'common').
ckanext.msal.tenant_id = 000000-0000-0000-0000-00000000000
# The redirect path should be setted up in Azure AD web app config.
# It handles the response from Microsoft.
# (optional, default: "/get_msal_token").
ckanext.msal.redirect_path
# While the session lifespan could be manage only in Azure AD conditional policies panel,
# this option actually implies how often do we send a test request for the Microsoft Graph API
# to check if our Access token is still alive.
# (optional, default: 3600, in seconds).
ckanext.msal.session_lifetime = 3600
# The list of restricted email domains. User won't be able to login under
# an email with those domains (optional, default: None)
ckanext.msal.restrict.domain_list = gmail.com, onmicrosoft.com
# The list of allowed email domains. User won't be able to login under
# any other emails (optional, default: None)
ckanext.msal.restrict.allowed_domain_list = protonmail.com, orgname.onmicrosoft.com
# A message that will be shown to users with a restricted domain
# (optional, default: "Your email domain is restricted. Please, contact site admin.")
ckanext.msal.restrict.error_message
## Developer installation
To install ckanext-msal for development, activate your CKAN virtualenv and
do:
git clone https://github.com/DataShades/ckanext-msal.git
cd ckanext-msal
python setup.py develop
pip install -r dev-requirements.txt
## Tests
If you changed something - be sure to run tests before merging your changes. To run tests, do:
pytest --ckan-ini=test.ini
## License
[AGPL](https://www.gnu.org/licenses/agpl-3.0.en.html)
Raw data
{
"_id": null,
"home_page": null,
"name": "ckanext-msal",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": "DataShades <datashades@linkdigital.com.au>",
"keywords": "SSO, CKAN, Microsoft, SAML, MSAL",
"author": null,
"author_email": "DataShades <datashades@linkdigital.com.au>, Oleksandr Cherniavskyi <mutantsan@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/8a/93/8e0d0c5bffb2d27cbcfe1c5223108fd58cf413aa227683b4ef63de349fde/ckanext_msal-1.5.2.tar.gz",
"platform": null,
"description": "# ckanext-msal\n\nThis extension allows you to sign in users with Microsoft identities (Azure AD, Microsoft Accounts and Azure AD B2C accounts). It uses [Microsoft MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-python) library.\n\nIt works with Microsoft 365 accounts. But in future, the situation could change.\n\n## Requirements\n\nCompatibility with core CKAN versions:\n\n| CKAN version | Compatible? |\n| --------------- | ------------- |\n| 2.7 and earlier | no |\n| 2.8 | no |\n| 2.9 | no |\n| 2.10.0+ | yes |\n\n## Installation\n\nTo install ckanext-msal:\n\n1. Activate your CKAN virtual environment, for example:\n\n . /usr/lib/ckan/default/bin/activate\n\n2. Clone the source and install it on the virtualenv\n\n git clone https://github.com/DataShades/ckanext-msal.git\n cd ckanext-msal\n pip install -e .\n\tpip install -r requirements.txt\n\n3. Add `msal` to the `ckan.plugins` setting in your CKAN\n config file (by default the config file is located at\n `/etc/ckan/default/ckan.ini`).\n\n4. Restart CKAN. For example if you've deployed CKAN with Apache on Ubuntu:\n\n sudo service apache2 reload\n\n\n## Config settings\n\t# The application client id. Mandatory option.\n\tckanext.msal.client_id = 000000-0000-0000-0000-00000000000\n\n\t# The client secret. Mandatory option.\n\tckanext.msal.client_secret = 000000-0000-0000-0000-00000000000\n\n # The tenant ID. If it's not provided, the common one for multi-tenant app will be used.\n # In this case, the application is not guaranteed to work properly.\n # (optional, default: 'common').\n ckanext.msal.tenant_id = 000000-0000-0000-0000-00000000000\n\n # The redirect path should be setted up in Azure AD web app config.\n # It handles the response from Microsoft.\n # (optional, default: \"/get_msal_token\").\n ckanext.msal.redirect_path\n\n # While the session lifespan could be manage only in Azure AD conditional policies panel,\n # this option actually implies how often do we send a test request for the Microsoft Graph API\n # to check if our Access token is still alive.\n # (optional, default: 3600, in seconds).\n ckanext.msal.session_lifetime = 3600\n\n # The list of restricted email domains. User won't be able to login under\n # an email with those domains (optional, default: None)\n ckanext.msal.restrict.domain_list = gmail.com, onmicrosoft.com\n\n # The list of allowed email domains. User won't be able to login under\n # any other emails (optional, default: None)\n ckanext.msal.restrict.allowed_domain_list = protonmail.com, orgname.onmicrosoft.com\n\n # A message that will be shown to users with a restricted domain\n # (optional, default: \"Your email domain is restricted. Please, contact site admin.\")\n ckanext.msal.restrict.error_message\n\n## Developer installation\n\nTo install ckanext-msal for development, activate your CKAN virtualenv and\ndo:\n\n git clone https://github.com/DataShades/ckanext-msal.git\n cd ckanext-msal\n python setup.py develop\n pip install -r dev-requirements.txt\n\n\n## Tests\n\nIf you changed something - be sure to run tests before merging your changes. To run tests, do:\n\n pytest --ckan-ini=test.ini\n\n\n## License\n\n[AGPL](https://www.gnu.org/licenses/agpl-3.0.en.html)\n",
"bugtrack_url": null,
"license": "AGPL",
"summary": "Login to CKAN using The Microsoft Authentication Library (MSAL)",
"version": "1.5.2",
"project_urls": {
"Homepage": "https://github.com/DataShades/ckanext-msal"
},
"split_keywords": [
"sso",
" ckan",
" microsoft",
" saml",
" msal"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "6b56de8b5ddb8f4148496779617578ab9ae3c2cb52f7359e64930fd969c249d1",
"md5": "d165c07b50b2dbf36fbaae2d3855a04e",
"sha256": "844b0b7ec2d07a14c006fdad7cbd33d2c2e116de5aeb2b4c2bf08d62f4d88591"
},
"downloads": -1,
"filename": "ckanext_msal-1.5.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d165c07b50b2dbf36fbaae2d3855a04e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 25680,
"upload_time": "2025-01-21T15:07:43",
"upload_time_iso_8601": "2025-01-21T15:07:43.897919Z",
"url": "https://files.pythonhosted.org/packages/6b/56/de8b5ddb8f4148496779617578ab9ae3c2cb52f7359e64930fd969c249d1/ckanext_msal-1.5.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "8a938e0d0c5bffb2d27cbcfe1c5223108fd58cf413aa227683b4ef63de349fde",
"md5": "cb4d14e96c8851c9f8095fa24c60002e",
"sha256": "629ad940059bd981bb4be5b92f5ea5946a488f2dea316f8b47628f683bce870a"
},
"downloads": -1,
"filename": "ckanext_msal-1.5.2.tar.gz",
"has_sig": false,
"md5_digest": "cb4d14e96c8851c9f8095fa24c60002e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 25185,
"upload_time": "2025-01-21T15:07:45",
"upload_time_iso_8601": "2025-01-21T15:07:45.791514Z",
"url": "https://files.pythonhosted.org/packages/8a/93/8e0d0c5bffb2d27cbcfe1c5223108fd58cf413aa227683b4ef63de349fde/ckanext_msal-1.5.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-21 15:07:45",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "DataShades",
"github_project": "ckanext-msal",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"requirements": [
{
"name": "msal",
"specs": [
[
"==",
"1.31.1"
]
]
}
],
"lcname": "ckanext-msal"
}
JSON
