[ckan-discuss] CKAN Basic Authentication bug

Jan Vansteenlandt jan at okfn.be
Wed Aug 7 15:17:57 BST 2013


Hej guys,

Thx to both the Davids for their response, I'll try the last solution that
alters the apache.wsgi and get back to you whether or not this was a
solution to my problem. If this works I'll update my stackoverflow question
as well, and if I can credit David for providing an answer.

Thanks!


> On Wed, Aug 7, 2013 at 4:06 PM, David Raznick <david.raznick at okfn.org> wrote:
>
>> Hello
>>
>> I think there is a simple way of fixing this.  The issue is that mod_wsgi
>> adds REMOTE_USER to the environ and our auth will take that and try and
>> match it to a user.
>>
>>
>> https://github.com/okfn/ckanext-geodatagov/blob/master/deployment/etc/ckan/apache.wsgi#L13
>>
>> Taking lines 13,14,15,17 from the above and putting at the end of your
>> apache.wsgi file should stop this from happening.  When posting to the CKAN
>> API you will need to use the X-CKAN-API-Key header or specify another
>> header in the config file.
>>
>> Thanks
>>
>> David
>>
>>
>> On 7 August 2013 13:39, David Read <david.read at hackneyworkshop.com> wrote:
>>
>>> I guess this is because sets the Authorization header, which the web
>>> interface seems to be picking up. I don't think CKAN using this header
>>> is an abuse of HTTP (although correct me if I'm wrong), so having the
>>> Basic Auth on top of CKAN is just a use case that hasn't been
>>> considered before. I expect this could be solved relatively easily in
>>> the CKAN code, so do dive in or commission someone to submit a
>>> suitable pull request.
>>>
>>> David
>>>
>>> On 5 August 2013 14:02, Jan Vansteenlandt <jan at okfn.be> wrote:
>>> > Hi all,
>>> >
>>> > I've got the following problem for which I couldn't find any solutions
>>> > online. I have installed a CKAN on a webserver and it's necessary that
>>> > before anyone can even enter the CKAN instance they should enter their
>>> > Basic Authentication credentials first.
>>> >
>>> > This is easily done by providing a location tag with auth modules in the
>>> > .htaccess of the virtualhost. Now, as this works nicely once for after
>>> > authentication I get to see my CKAN instance, it doesn't allow me to log
>>> > into CKAN itself. If I hit the login button, it returns a too many redirects
>>> > and if I hit register it tells me I'm already logged in....even though I get
>>> > no panel or anything. So it thinks I'm already logged in because of the
>>> > server Basic Authentication in front of the CKAN instance.
>>> >
>>> > So my question is, is this normal behaviour, I think a Basic Authentication
>>> > shouldn't be influencing with the internal authentication of CKAN? If this
>>> > however is indeed not possible, what would you suggest to allow for similar
>>> > behaviour, so that people first have to log in before being able to see the
>>> > CKAN itself.
>>> >
>>> > I'm working on a 2.0.1 version of CKAN.
>>> >
>>> > Best regards,
>>> >
>>> > Jan
>>> >
>>> > _______________________________________________
>>> > ckan-discuss mailing list
>>> > ckan-discuss at lists.okfn.org
>>> > http://lists.okfn.org/mailman/listinfo/ckan-discuss
>>> > Unsubscribe: http://lists.okfn.org/mailman/options/ckan-discuss
>>> >
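
The fix David Raznick describes, keeping the web server's REMOTE_USER out of the WSGI environ that the application's auth reads, shown as an added example (not part of the thread, and not the lines from the linked apache.wsgi). `StripServerAuth`, `demo_app` and `call` are hypothetical names, and `demo_app` is a constructed stand-in for an application that trusts REMOTE_USER.

```python
"""WSGI middleware that hides the front-end server's Basic Auth identity
from the wrapped application. Added example; all names are hypothetical."""
from wsgiref.util import setup_testing_defaults


class StripServerAuth:
    """Remove server-set auth keys before the wrapped app sees the request."""

    def __init__(self, app, keys=("REMOTE_USER",)):
        self.app = app
        self.keys = tuple(keys)

    def __call__(self, environ, start_response):
        for key in self.keys:
            # pop() with a default: requests without the key pass through
            environ.pop(key, None)
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for an app whose login logic trusts REMOTE_USER."""
    user = environ.get("REMOTE_USER")
    # The X-CKAN-API-Key request header appears under this WSGI environ key
    api_key = environ.get("HTTP_X_CKAN_API_KEY")
    if user:
        body = "logged in as %s" % user
    elif api_key:
        body = "api key presented"
    else:
        body = "anonymous"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body.encode("utf-8")]


def call(app, **extra):
    """Run one constructed request through `app` and return the body text."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(extra)
    return b"".join(app(environ, lambda status, headers: None)).decode("utf-8")


if __name__ == "__main__":
    basic = {"REMOTE_USER": "gatekeeper"}  # constructed Basic Auth user
    print(call(demo_app, **basic))                   # app adopts the server's user
    print(call(StripServerAuth(demo_app), **basic))  # app sees an anonymous visitor
```

In a deployment the wrapper would be applied to the application object at the end of the WSGI script, so the Basic Auth prompt still gates access while the application's own login decides who the user is.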