mutantsan / ckanext-msal

Login to CKAN using The Microsoft Authentication Library (MSAL)
GNU Affero General Public License v3.0

CKAN is not redirecting to Microsoft Entra ID #6

Open davilla41 opened 1 month ago

davilla41 commented 1 month ago

Hello, I have installed the ckanext-msal extension using the documentation, this is my ckan.ini plugin configuration:

ckan.plugins = activity datatables_view datastore xloader scheming_datasets msal
ckan.resource_proxy.timeout = 5

ckanext.msal.client_id = <client_id>
ckanext.msal.client_secret = <client_secret>
ckanext.msal.tenant_id = <tenant_id>
ckanext.msal.redirect_path = https://<my_domain>/get_msal_token

I added this redirection URI to my app registration for CKAN on Azure:

https://my_domain/get_msal_token

[image: Screen Shot 2024-05-08 at 21 04 08]

Everything is a CKAN source installation made by the book on a headless Ubuntu 20.04 virtual machine with Nginx and uWSGI.

But still the redirection is not happening when I restart my server and click on the login button. Any suggestions?

davilla41 commented 1 month ago

Update: I double-checked the plugin installation and configuration and discovered that I had missed this command: pip install -e .

Maybe because it is written funny in the documentation, as you can see in the image below:

[image: Screen Shot 2024-05-09 at 9 36 18]

But now I'm getting a 502 Bad Gateway error that only disappears if I remove the msal extension name from the ckan.ini CKAN configuration file; in that case the site goes live again.

Any solution?

davilla41 commented 1 month ago

Update: Whatever is happening is triggered by this configuration parameter:

ckanext.msal.redirect_path = https://<my_domain>/get_msal_token

The error message from uWSGI contains something like this:

File "/usr/lib/ckan/default/lib/python3.10/site-packages/werkzeug/routing.py", line 698, in __init__
    raise ValueError("urls must start with a leading slash")
ValueError: urls must start with a leading slash
unable to load app 0 (mountpoint='') (callable not found or import error)

If I remove the whole line the site is live again and even if I use this the site also works: ckanext.msal.redirect_path = /get_msal_token

But in any case the login to Microsoft Entra ID is happening. Still lost here.

I also tried using the redirection URI directly in the browser: https://my-domain.com/get_a_token. The result was a redirection to a 404 page.

[image: Screen Shot 2024-05-10 at 8 43 46]
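An added example, not part of the original thread or of the extension's code: a pre-start check of the `ckanext.msal.redirect_path` setting that flags the full-URL value behind the werkzeug error quoted above and derives the absolute redirect URI to compare against the Entra ID app registration. The host `ckan.example.org`, the function name `check_redirect_path`, and the idea that the redirect URI equals `ckan.site_url` plus the route path are assumptions of this example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: same shape as the ckan.ini lines quoted in the thread,
# with ckan.example.org as a placeholder host.
SAMPLE_INI = """\
[app:main]
ckan.site_url = https://ckan.example.org
ckanext.msal.redirect_path = https://ckan.example.org/get_msal_token
"""


def check_redirect_path(ini_text, section="app:main"):
    """Return (problems, route_path, redirect_uri) for the MSAL redirect setting."""
    cp = configparser.ConfigParser(interpolation=None)  # ckan.ini may contain '%'
    cp.read_string(ini_text)
    conf = cp[section]
    site_url = conf.get("ckan.site_url", "").rstrip("/")
    raw = conf.get("ckanext.msal.redirect_path")
    if raw is None:
        return (["ckanext.msal.redirect_path is not set"], None, None)

    problems = []
    parts = urlsplit(raw.strip())
    path = parts.path
    if parts.scheme or parts.netloc:
        # This is the kind of value that produced the ValueError in the thread.
        problems.append("redirect_path is a full URL; a route rule takes a path only")
    if not path.startswith("/"):
        problems.append("redirect_path must start with a leading slash")
        path = "/" + path
    if not site_url:
        problems.append("ckan.site_url is empty; cannot derive the redirect URI")
        return (problems, path, None)
    # Assumption: the URI sent to Entra ID is site_url + route path.
    return (problems, path, site_url + path)


if __name__ == "__main__":
    problems, path, uri = check_redirect_path(SAMPLE_INI)
    for p in problems:
        print("PROBLEM:", p)
    print("route path to configure:", path)
    print("redirect URI to register in Entra ID:", uri)
```

The derived URI has to match the redirect URI in the app registration exactly, including scheme, host and path.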

ryangermann-gov-on-ca commented 1 month ago

Sorry, I can't help you with this specific CKAN extension for Single Sign On, but I have implemented the ongov/msal CKAN SSO extension, so if you would consider using that one I'd be happy to help you get it set up.

davilla41 commented 1 month ago

> Sorry, I can't help you with this specific CKAN extension for Single Sign On, but I have implemented the ongov/msal CKAN SSO extension, so if you would consider using that one I'd be happy to help you get it set up.

That will be great Ryan, just let me know how we meet or how I follow your instructions.

ryangermann-gov-on-ca commented 1 month ago

> That will be great Ryan, just let me know how we meet or how I follow your instructions.

Please google "InfoGo" which is the site listing all government of Ontario employees, and look me up by name. My email address is there.

The repository is at:

https://github.com/ongov/ckanext-msal

I didn't ask what version of CKAN you're using, I am not sure if it works with CKAN >2.10.