Disable SAML2 auth and use default CKAN login system

A-Souhei · A-Souhei · commit 12025773b644 · 2026-01-20T14:08:24.000+03:00
- Pin numpy==1.24.4 and pandas==1.5.3 to fix version mismatch error
- Remove saml2auth from plugins list in adx_config.ini
- Comment out SAML2 configuration settings
- Update ckanext-unaids to remove login_register_catch blueprint
diff --git a/Pipfile b/Pipfile
@@ -75,8 +75,8 @@ pycparser = "==2.20"
 typing-extensions = "==4.12.2"
 ckantoolkit = ">=0.0.3"
 python-slugify = ">=5.0.0"
-numpy = ">=1.21.0"
-pandas = ">=1.4.2"
+numpy = "==1.24.4"
+pandas = "==1.5.3"
 pika = ">=1.1.0"
 pyopenssl = "~=18.0.0"
 pycountry = "==19.8.18"
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/ckan/adx_config.ini b/ckan/adx_config.ini
@@ -127,7 +127,7 @@ ckan.redis.url = redis://redis:6379/1
 #   Add ``resource_proxy`` to enable resorce proxying and get around the
 #   same origin policy
 # Note: Plugins to the left take precendence over plugins to the right!!! Opposite to what you might expect.
-ckan.plugins = activity unaids fork scheming_datasets blob_storage saml2auth emailasusername restricted authz_service stats
+ckan.plugins = activity unaids fork scheming_datasets blob_storage emailasusername restricted authz_service stats
   text_view image_view datatables_view unaids_recline_view
   resource_proxy datastore datapusher
   validation ytp_request pages dhis2harvester_plugin dhis2_pivot_tables_harvester harvest versions
@@ -298,15 +298,15 @@ ckan.hide_activity_from_users = %(ckan.site_id)s
 ## Email settings
 email_to = support@fjelltopp.org
 
-# SAML2.0
-ckanext.saml2auth.idp_metadata.location = remote
-ckanext.saml2auth.idp_metadata.remote_url = https://hivtools.eu.auth0.com/samlp/metadata/lMiD8vQo1OZUPJEzd5hPvcxgTMkyY7YS
-ckanext.saml2auth.idp_metadata.remote_cert = /etc/ckan/saml_idp.crt
-ckanext.saml2auth.user_fullname = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/fullname
-ckanext.saml2auth.user_email = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
-ckanext.saml2auth.want_response_signed = False
-ckanext.saml2auth.want_assertions_signed = True
-ckanext.saml2auth.logout_requests_signed = False
+# SAML2.0 - DISABLED (using CKAN default authentication)
+# ckanext.saml2auth.idp_metadata.location = remote
+# ckanext.saml2auth.idp_metadata.remote_url = https://hivtools.eu.auth0.com/samlp/metadata/lMiD8vQo1OZUPJEzd5hPvcxgTMkyY7YS
+# ckanext.saml2auth.idp_metadata.remote_cert = /etc/ckan/saml_idp.crt
+# ckanext.saml2auth.user_fullname = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/fullname
+# ckanext.saml2auth.user_email = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
+# ckanext.saml2auth.want_response_signed = False
+# ckanext.saml2auth.want_assertions_signed = True
+# ckanext.saml2auth.logout_requests_signed = False
 # ckanext.saml2auth.key_file_path = /etc/ckan/saml.key
 # ckanext.saml2auth.cert_file_path = /etc/ckan/saml.crt
 # Uncomment the internal login option to enable log in in offline mode
diff --git a/submodules/ckanext-unaids b/submodules/ckanext-unaids
@@ -1 +1 @@
-Subproject commit a17b7ef76da841e752c3e5ccca1332a644ac09ea
+Subproject commit 7fac569b01717cbd30881bb19617c2223e592067
