GitHub user KodakMaciel created a discussion: Azure SSO

How can I resolve this?
# LOG
```
2025/12/30 11:53:45 [error] 783#783: *3 upstream timed out (110: Connection 
timed out) while reading response header from upstream, client: 192.168.XX.XX, 
server: _, request: "GET 
/oauth-authorized/azure?code=1XXXXXXXXXXXXXXXXXXXXXXX&state=XXXXXXXX&session_state=xxxxxxxxx
 HTTP/2.0", upstream: 
"http://127.0.0.1:8080/oauth-authorized/azure?code=xxxxxxxxxx
```

# superset_config.py
```
# Flask session-signing key (redacted placeholder here). Anyone who learns the
# real value can forge session cookies, so keep it out of version control and
# out of public posts.
SECRET_KEY = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"

# Locales offered in the UI language picker.
LANGUAGES = {
    "pt_BR": {"flag": "br", "name": "Português"},
    "en": {"flag": "us", "name": "English"},
    "es": {"flag": "es", "name": "Español"},
}

# Only silences the startup warning about a missing Content Security Policy;
# it does not configure a policy.
CONTENT_SECURITY_POLICY_WARNING = False

# Trust X-Forwarded-* headers from the reverse proxy. Appropriate only when
# the app is reachable exclusively through that proxy.
ENABLE_PROXY_FIX = True

import os
import logging
from flask_appbuilder.security.manager import AUTH_OAUTH
from superset.security import SupersetSecurityManager

# Authenticate through the OAuth providers listed in OAUTH_PROVIDERS.
AUTH_TYPE = AUTH_OAUTH
# Create a Superset account automatically the first time a user signs in.
# Every identity the provider lets through gets an account, so restrict who
# may use the app registration on the identity-provider side.
AUTH_USER_REGISTRATION = True
# Role given to self-registered users; keep this role's permissions minimal.
AUTH_USER_REGISTRATION_ROLE = "Public"

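# Azure AD OAuth provider definition. TENANT_ID and the X-runs are redacted
# placeholders. The pasted original had stray ";" characters after the URL
# strings and hard-wrapped lines, both of which are syntax errors.
OAUTH_PROVIDERS = [{
    "name": "azure",
    "icon": "fa-windows",
    "token_key": "access_token",
    "remote_app": {
        # Placeholders: load the real values from the environment or a secret
        # store instead of writing them into this file.
        "client_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "client_secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "api_base_url":
            "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/",
        "access_token_url":
            "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token",
        "authorize_url":
            "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize",
        "client_kwargs": {
            # NOTE(review): the "openid" scope makes the provider return an ID
            # token; Authlib needs the tenant's signing keys (for example via
            # "server_metadata_url" or "jwks_uri") to validate it -- confirm
            # that this is configured.
            "scope": "openid profile email User.Read"
        }
    }
}]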

# Optional mapping from Azure AD group object IDs (placeholders below) to the
# Superset roles their members receive. The keys are what the security manager
# must return in "role_keys".
AUTH_ROLES_MAPPING = {
    "Azure-Group-Object-ID-1": ["Admin"],
    "Azure-Group-Object-ID-2": ["Gamma"],
    # Further group IDs go here.
}

# Needed when the app sits behind a proxy or load balancer.
ENABLE_PROXY_FIX = True

# Recompute the user's roles from the mapping at every login.
# NOTE(review): with this on, a login that yields no matching role_keys is
# expected to leave the user with only the registration role -- confirm that
# this is the intended fallback.
AUTH_ROLES_SYNC_AT_LOGIN = True

# Optional: Custom security manager for advanced role mapping or user info
# extraction
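class CustomSsoSecurityManager(SupersetSecurityManager):
    """Security manager that builds the user record from Microsoft Graph.

    For the ``azure`` provider the signed-in user's profile is fetched from
    ``https://graph.microsoft.com/v1.0/me``. Every other provider is handled
    by the parent class.
    """

    def oauth_user_info(self, provider, response=None):
        """Return the user-info dict for *provider*.

        Args:
            provider: Provider name as configured in ``OAUTH_PROVIDERS``.
            response: Token response, forwarded to the parent implementation;
                not used for ``azure``.

        Returns:
            For ``azure``, a dict with ``username``, ``first_name``,
            ``last_name``, ``email`` and ``role_keys``; otherwise whatever the
            parent class returns.
        """
        if provider != "azure":
            return super().oauth_user_info(provider, response)

        # Blocking outbound HTTPS request made while the login callback is
        # being served. NOTE(review): if the Superset host cannot reach
        # graph.microsoft.com (egress firewall, missing proxy settings), this
        # call can hang until the reverse proxy times out -- verify
        # connectivity from the host.
        me = self.appbuilder.sm.oauth_remotes[provider].get(
            "https://graph.microsoft.com/v1.0/me"
        ).json()

        # NOTE(review): the Graph /me profile does not normally include a
        # "groups" field, so this list is likely always empty. Group
        # membership has to come from a separate Graph call or from a groups
        # claim in the token -- confirm before relying on role mapping.
        groups = me.get("groups", [])

        # Group IDs this deployment maps to roles (placeholders).
        mapped_group_ids = {
            "Azure-Group-Object-ID-1",
            "Azure-Group-Object-ID-2",
        }
        # role_keys are looked up as keys of AUTH_ROLES_MAPPING, which in this
        # config are group object IDs. The original returned role names
        # ("Admin", "Gamma") here, which would never match those keys, so no
        # mapped role would be assigned.
        role_keys = [g for g in groups if g in mapped_group_ids]

        return {
            # Both values may be None: userPrincipalName is missing from an
            # error response, and "mail" is null for accounts without a
            # mailbox.
            "username": me.get("userPrincipalName"),
            "first_name": me.get("givenName", ""),
            "last_name": me.get("surname", ""),
            "email": me.get("mail"),
            "role_keys": role_keys,
        }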

# Register the subclass so Superset uses it in place of the default security
# manager.
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager




GitHub link: https://github.com/apache/superset/discussions/36870
