wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Is FQDN required to configure OAuth2 between WSO2 and CKAN #7105

Open SakshiSharma-India opened 4 years ago

SakshiSharma-India commented 4 years ago

I am using the versions below: WSO2 IS: 5.3.0, WSO2 APIM: 2.1.0, CKAN: 2.7.0

I am trying to configure OAuth2 between WSO2 and CKAN using a reverse proxy. I have done the OAuth2 settings on the WSO2 IS side, referring to the URL below: https://docs.wso2.com/display/IS530/Configuring+OAuth2-OpenID+Connect+Single-Sign-On

The configurations done in CKAN using the OAuth2 plugin, in the ckan.ini file, are:

ckan.oauth2.logout_url = /user/logged_out
ckan.oauth2.register_url = /
ckan.oauth2.reset_url = /
ckan.oauth2.edit_url = /
ckan.oauth2.authorization_endpoint = https://<reverse-proxy-IP>/wso2am/oauth2/authorize?prompt=login
ckan.oauth2.token_endpoint = https://<reverse-proxy-IP>/wso2am/oauth2/token
ckan.oauth2.profile_api_url = https://<reverse-proxy-IP>/wso2am/oauth2/userinfo?schema=openid
ckan.oauth2.client_id = <client id from WSO2 IS>
ckan.oauth2.client_secret = <client secret from WSO2 IS>
ckan.oauth2.scope = openid
ckan.oauth2.rememberer_name = auth_tkt
ckan.oauth2.profile_api_user_field = sub
ckan.oauth2.profile_api_fullname_field = sub
ckan.oauth2.profile_api_mail_field = sub
ckan.oauth2.authorization_header = OAUTH2_HEADER
ckan.oauth2.profile_api_groupmembership_field = sub
ckan.oauth2.sysadmin_group_name = <ckan user>

On logging into CKAN, it asks for user credentials twice and then gives a 404 error. So, I am unable to log in to the CKAN app.

Please confirm if an FQDN is mandatory to set up in this case. Are there any configurations required in this case?

dushaniw commented 4 years ago

@SakshiSharma-India

Could you please explain the use case a bit? Are you directly integrating WSO2 IS with CKAN via OAuth2? If so, this could be helpful [1]. If this is the use case, you need to add the reverse proxy IP and the path to call wso2is, not wso2am. If this is not the case, what is the role of APIM within the integration?

[1] https://github.com/conwetlab/ckanext-oauth2/wiki/Integration-between-WSO2-IS-and-CKAN-using-OAuth2
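
The reply's point about calling wso2is rather than wso2am can be checked mechanically. The following is an added example, not code from the thread or from either project, that lints the three endpoint settings from the question. It assumes the reverse proxy path for WSO2 IS is literally `wso2is`, uses the constructed address 192.0.2.10 in place of `<reverse-proxy-IP>`, and only reports an IP-literal host without judging it, since the thread does not settle the FQDN question.

```python
import ipaddress
from urllib.parse import urlsplit

KEYS = ("authorization_endpoint", "token_endpoint", "profile_api_url")
# Constructed sample: the question's endpoint lines, 192.0.2.10 replacing <reverse-proxy-IP>.
SAMPLE_INI = """\
ckan.oauth2.authorization_endpoint = https://192.0.2.10/wso2am/oauth2/authorize?prompt=login
ckan.oauth2.token_endpoint = https://192.0.2.10/wso2am/oauth2/token
ckan.oauth2.profile_api_url = https://192.0.2.10/wso2am/oauth2/userinfo?schema=openid
"""

def parse_settings(text):
    """Return {key: value} for 'key = value' lines; skip comments and sections."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)  # later '=' stay in the URL query
            settings[key.strip()] = value.strip()
    return settings

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_endpoints(settings, expected_prefix="wso2is"):
    """Return findings; expected_prefix='wso2is' is an assumed proxy path."""
    findings, origins = [], set()
    for key in ("ckan.oauth2." + name for name in KEYS):
        if key not in settings:
            findings.append(f"{key}: missing")
            continue
        url = urlsplit(settings[key])
        origins.add((url.scheme, url.netloc))
        if url.scheme != "https":
            findings.append(f"{key}: scheme is not https")
        prefix = url.path.strip("/").split("/")[0]
        if prefix != expected_prefix:
            findings.append(f"{key}: path starts with '{prefix}', not '{expected_prefix}'")
        if is_ip_literal(url.hostname or ""):
            findings.append(f"{key}: host is an IP literal, not an FQDN")
    if len(origins) > 1:
        findings.append("endpoints do not share one scheme and host")
    return findings

if __name__ == "__main__":
    print("\n".join(check_endpoints(parse_settings(SAMPLE_INI))))
```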