Allows AAF (Australian Access Federation) authentication to log into a CKAN installation.


Tested with CKAN 2.5.1. It should be fairly easy to port across versions as the codebase is quite small - PRs welcome! Requires an AAF ‘Rapid Connect’ application to be set up (see or ). A live installation requires SSL, as AAF will not allow callbacks to a non-SSL URL.


To install ckanext-aaf:

  1. Activate your CKAN virtual environment, for example:

    . /usr/lib/ckan/default/bin/activate
  2. Install the ckanext-aaf Python package into your virtual environment:

    pip install ckanext-aaf
  3. Add aaf to the ckan.plugins setting in your CKAN config file (by default the config file is located at /etc/ckan/default/production.ini).
  4. Set up the config settings (described below), which are required to decode the JWT tokens passed back by AAF.
  5. Restart CKAN. For example if you’ve deployed CKAN with Apache on Ubuntu:

    sudo service apache2 reload

Config Settings

These settings are required (the values below will not work; register your own application!):

# The unique URL given by AAF Rapid Connect (get one from or
ckanext.aaf.url =
# The secret used to set up the above URL
ckanext.aaf.secret = asdfasdf#$#$#$asdfasdf
# The URL of your application, as provided to Rapid Connect (doesn't have to match the callback URL)
# Note this must match *exactly* what was provided to Rapid Connect - check the trailing slash!
ckanext.aaf.aud =

These settings are optional:

# Enables use of AAF's test Rapid Connect service
# (defaults to using the live one)
ckanext.aaf.debug = False
# Allows overriding of 'ckan.auth.create_user_via_web' so that AAF users can be
# created even if normal registrations are disabled. Defaults to False
ckanext.aaf.allow_creation_always = False
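
The ckanext.aaf.secret and ckanext.aaf.aud settings above are what the token check depends on. The following is an added example, not ckanext-aaf's own code, of such a check and of why an audience that differs only by a trailing slash is rejected. It assumes HS256-signed tokens carrying aud and exp claims; the function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values; make_token() only builds sample input.
SAMPLE_SECRET = "constructed-secret"
SAMPLE_AUD = "https://ckan.example.org/"


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()


def make_token(claims, secret):
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return ".".join([head, body, b64url_encode(sign(head + "." + body, secret))])


def verify_token(token, secret, expected_aud, now=None):
    """Return the claims of a valid token, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token")
    # Pin the algorithm; never let the header choose it (rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(signature, sign(head + "." + body, secret)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    # Exact string comparison: a missing trailing slash is a mismatch.
    if claims.get("aud") != expected_aud:
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims
```

A token with no exp claim is treated as expired, so a token cannot be replayed indefinitely.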

Development Installation

To install ckanext-aaf for development, activate your CKAN virtualenv and do:

git clone
cd ckanext-aaf
pip install -e .
pip install -r dev-requirements.txt

Running the Tests

To run the tests, do:

nosetests --nologcapture --with-pylons=test.ini

To run the tests and produce a coverage report, first make sure you have coverage installed in your virtualenv (pip install coverage) then run:

nosetests --nologcapture --with-pylons=test.ini --with-coverage --cover-package=ckanext.aaf --cover-inclusive --cover-erase --cover-tests

Releasing a New Version of ckanext-aaf

ckanext-aaf is available on PyPI as To publish a new version to PyPI follow these steps:

  1. Update the version number in the file. See PEP 440 for how to choose version numbers.
  2. Create a source distribution of the new version:

    python sdist
  3. Upload the source distribution to PyPI:

    python sdist upload
  4. Tag the new release of the project on GitHub with the version number from the file. For example if the version number in is 0.0.2 then do:

    git tag -a 0.0.2
    git push --tags

