GitHub user sujeeth62 created a discussion: Can Superset support authentication
via REMOTE_USER and authorization via AD groups together?
Hi Superset community 👋
We’re running Superset inside Google Kubernetes Engine (GKE) and want to
integrate it with Active Directory (AD) in the following way:
1. Authentication:
• Handled by an upstream proxy (e.g. NGINX Ingress, OAuth2 Proxy,
Envoy).
• Proxy authenticates the user against AD (Kerberos/SSO/OIDC).
• It sets the REMOTE_USER header with the authenticated username
(e.g. al...@company.com).
• Superset is configured with AUTH_TYPE = AUTH_REMOTE_USER to
trust this identity.
2. Authorization:
• Once Superset receives the REMOTE_USER, it should query AD/LDAP
to fetch the user’s groups.
• Those AD groups should map to Superset roles (e.g. Admin,
Gamma, etc.) via AUTH_ROLES_MAPPING.
Questions
• Does Superset currently support combining AUTH_REMOTE_USER for
authentication with AD/LDAP lookups for authorization in the same deployment?
• If not directly, what’s the recommended pattern to achieve this
(e.g. extending SupersetSecurityManager)?
• Are there any best practices around caching LDAP group lookups
for performance?
Any guidance or examples would be much appreciated!
GitHub link: https://github.com/apache/superset/discussions/35040
----
This is an automatically sent email for notifications@superset.apache.org.
To unsubscribe, please send an email to:
notifications-unsubscr...@superset.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org
