Bypass Superset keycloak OAUTH login page #2225
Comments
|
You can achive by extending the if provider is None:
providers = [k for k in self.appbuilder.sm.oauth_remotes.keys()]
if len(providers) == 1:
provider = providers[0]or simply Since you using superset you have to tell the class CustomSecurityManager(SupersetSecurityManager):
authoauthview = SupersetAuthOAuthViewYou can add the above script in your helm values file without modifying the code base. extraSecrets:
custom_security_manager.py: |-
import logging
import os
import json
from flask_appbuilder import const as c
from superset.security import SupersetSecurityManager
from werkzeug.security import generate_password_hash
import jwt
from typing import Optional
from flask import flash, g, redirect, request, session, url_for
from flask_appbuilder._compat import as_unicode
from flask_appbuilder.security.utils import generate_random_string
from flask_appbuilder.views import expose
from flask_appbuilder.security.views import AuthOAuthView
from werkzeug.wrappers import Response as WerkzeugResponse
log = logging.getLogger(__name__)
class SupersetAuthOAuthView(AuthOAuthView):
@expose("/login/")
@expose("/login/<provider>")
def login(self, provider: Optional[str] = None) -> WerkzeugResponse:
if provider is None:
providers = [k for k in self.appbuilder.sm.oauth_remotes.keys()]
if len(providers) == 1:
provider = providers[0]
log.debug("Provider: %s", provider)
if g.user is not None and g.user.is_authenticated:
log.debug("Already authenticated %s", g.user)
return redirect(self.appbuilder.get_url_for_index)
if provider is None:
return self.render_template(
self.login_template,
providers=self.appbuilder.sm.oauth_providers,
title=self.title,
appbuilder=self.appbuilder,
)
log.debug("Going to call authorize for: %s", provider)
random_state = generate_random_string()
state = jwt.encode(
request.args.to_dict(flat=False), random_state, algorithm="HS256"
)
session["oauth_state"] = random_state
try:
if provider == "twitter":
return self.appbuilder.sm.oauth_remotes[provider].authorize_redirect(
redirect_uri=url_for(
".oauth_authorized",
provider=provider,
_external=True,
state=state,
)
)
else:
return self.appbuilder.sm.oauth_remotes[provider].authorize_redirect(
redirect_uri=url_for(
".oauth_authorized", provider=provider, _external=True
),
state=state.decode("ascii") if isinstance(state, bytes) else state,
)
except Exception as e:
log.error("Error on OAuth authorize: %s", e)
flash(as_unicode(self.invalid_login_message), "warning")
return redirect(self.appbuilder.get_url_for_index)
class CustomSecurityManager(SupersetSecurityManager):
authoauthview = SupersetAuthOAuthView
configOverrides:
enable_oauth: |
from custom_security_manager import CustomSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSecurityManagerI hope this helps you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I know this has been reported before. I think this is one of the old references : link
The issue is related to all superset version we have in use (2.1.0, 3.1.0 and also 3.1.1). We are deploying superset using helmcharts on kubernetes.
Issue:
We have a superset<-> keycloak integration using OAUTH. When the user logs in superset portal, the user always has to click the only option "SIGN IN WITH KEYCLOAK".
I have seen this behaviour documented in the current Flask-AppBuilder docu .
We dont see the value of this additional screen, especially if there is only one option you have to select.
In case there is a required functionality in this screen, let us know and we will forward this to our users.
Our preference is to bypass the screen to provide a low threshold access to the superset portal.
I appreciate feedback!
The text was updated successfully, but these errors were encountered: