GitHub user qadez11 added a comment to the discussion: OAUTH ADFS
If someone needs an example for [kubernetes helm](https://superset.apache.org/docs/installation/kubernetes):

OAuth setup requires that the [authlib](https://authlib.org/) Python library is installed. This can be done using pip by updating the bootstrapScript.

```yaml
bootstrapScript: |
  #!/bin/bash
  pip install .[postgres] \
    .[bigquery] \
    .[elasticsearch] \
    Authlib &&\
  if [ ! -f ~/bootstrap ]; then echo "Running Superset with uid {{ .Values.runAsUser }}" > ~/bootstrap; fi
```

```yaml
configOverrides:
  enable_oauth: |
    # os is needed for the os.getenv calls below
    import os
    import sys
    sys.path.append('/app/configs/')

    # Import the custom security manager
    from flask_appbuilder.security.manager import AUTH_OAUTH
    from custom_sso_security_manager import CustomSsoSecurityManager

    # Enable proxy fix for proper redirect URI handling
    ENABLE_PROXY_FIX = True

    # Set custom security manager
    CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager

    # Configure authentication
    AUTH_TYPE = AUTH_OAUTH
    AUTH_USER_REGISTRATION = True
    AUTH_ROLE_ADMIN = 'Admin'
    AUTH_ROLE_PUBLIC = 'Public'
    AUTH_USER_REGISTRATION_ROLE = "Public"  # Adjust as needed

    # ADFS OAuth provider configuration
    OAUTH_PROVIDERS = [
        {
            'name': 'adfs',
            'icon': 'fa-windows',
            'token_key': 'access_token',
            'remote_app': {
                # Client credentials are read from the environment
                'client_id': os.getenv('ADFS_CLIENT_ID'),
                'client_secret': os.getenv('ADFS_CLIENT_SECRET'),
                'client_kwargs': {
                    'scope': 'openid profile email'
                },
                'server_metadata_url': 'https://fs.cloud.example.com/adfs/.well-known/openid-configuration',
                'api_base_url': 'https://fs.cloud.example.com/adfs/',
                'access_token_url': 'https://fs.cloud.example.com/adfs/oauth2/token/',
                'authorize_url': 'https://fs.cloud.example.com/adfs/oauth2/authorize/',
                'jwks_uri': 'https://fs.cloud.example.com/adfs/discovery/keys',
                'userinfo_endpoint': 'https://fs.cloud.example.com/adfs/userinfo',
                'access_token_method': 'POST'
            }
        }
    ]
```

Then, create a CustomSsoSecurityManager that extends SupersetSecurityManager and overrides oauth_user_info:

```yaml
extraConfigs:
  custom_sso_security_manager.py: |
    import logging
    from superset.security import SupersetSecurityManager

    class CustomSsoSecurityManager(SupersetSecurityManager):
        def oauth_user_info(self, provider, response=None):
            logging.debug("Oauth2 provider: {0}".format(provider))
            if provider == 'adfs':
                # Get user info from ADFS
                allTokensArray = self.appbuilder.sm.oauth_remotes[provider].token
                # Claims are read from the 'userinfo' entry of the stored token
                me = allTokensArray.get('userinfo')
                logging.debug("user_data: {0}".format(me))
                # Map ADFS claims to the fields of the returned user dict
                return {
                    'name': me.get('name', ''),
                    'email': me.get('email', ''),
                    'id': me.get('upn', ''),
                    'username': me.get('unique_name', ''),
                    'first_name': me.get('given_name', ''),
                    'last_name': me.get('family_name', '')
                }
```

GitHub link: https://github.com/apache/superset/discussions/25784#discussioncomment-12938955
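
An added example, not part of the original comment or of Superset's code: the claim mapping from `oauth_user_info` above as a standalone function that rejects a token with no `userinfo` claims or with a blank username or email, instead of returning empty identity fields while `AUTH_USER_REGISTRATION` is enabled. The function name `map_adfs_claims`, the choice of required fields and the sample token are assumptions made for illustration.

```python
# Field -> ADFS claim, as mapped in the comment above.
CLAIM_MAP = {
    "name": "name",
    "email": "email",
    "id": "upn",
    "username": "unique_name",
    "first_name": "given_name",
    "last_name": "family_name",
}
# Assumption: a login without these fields should be rejected.
REQUIRED_FIELDS = ("username", "email")


def map_adfs_claims(token):
    """Map the 'userinfo' claims of an OAuth token dict to user fields.

    Raises ValueError instead of returning blank identity fields.
    """
    claims = token.get("userinfo") if isinstance(token, dict) else None
    if not isinstance(claims, dict):
        raise ValueError("token carries no 'userinfo' claims")
    info = {}
    for field, claim in CLAIM_MAP.items():
        value = claims.get(claim)
        # Non-string claim values (lists, numbers) are treated as absent.
        info[field] = value.strip() if isinstance(value, str) else ""
    missing = [f for f in REQUIRED_FIELDS if not info[f]]
    if missing:
        raise ValueError("missing required claims for: " + ", ".join(missing))
    return info


# Constructed sample token, not real ADFS output.
SAMPLE_TOKEN = {
    "access_token": "constructed-placeholder",
    "userinfo": {
        "name": "Jane Doe",
        "email": " jane.doe@example.com ",
        "upn": "jdoe@example.com",
        "unique_name": "jdoe",
        "given_name": "Jane",
        "family_name": "Doe",
    },
}

if __name__ == "__main__":
    print(map_adfs_claims(SAMPLE_TOKEN))
```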
