GitHub user dosubot[bot] added a comment to the discussion: How to enable SSO
login using microsoft azure, having xml file of metadata, deploying using
Helmchart
To configure SSO with Microsoft Azure using a single `fileName.yaml` for your
Helm deployment, you can include all necessary configurations directly in this
YAML file. Here's an example of how you might structure it:
```yaml
# fileName.yaml
# configOverrides is defined once, further down: its values are Python snippets,
# and a repeated top-level key is not valid YAML.

# Environment variables for Superset (the chart's extraEnv is a KEY: value map).
# Adjust the path to where your superset_config.py is mounted.
extraEnv:
  SUPERSET_CONFIG_PATH: /app/superset_config.py

# Use Kubernetes Secrets for sensitive information.
# The chart's extraSecretEnv only takes literal KEY: value pairs, so entries
# that use secretKeyRef go in extraEnvRaw.
extraEnvRaw:
  - name: CLIENT_ID
    valueFrom:
      secretKeyRef:
        name: azure-sso-secret
        key: client_id
  - name: CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: azure-sso-secret
        key: client_secret

# Custom configuration for OAuth with Microsoft Azure
configOverrides:
  enable_oauth: |
    import logging
    import os

    from flask_appbuilder.security.manager import AUTH_OAUTH
    from superset.security import SupersetSecurityManager

    AUTH_TYPE = AUTH_OAUTH
    AUTH_USER_REGISTRATION = True
    # Role given to users created on first SSO login
    AUTH_USER_REGISTRATION_ROLE = 'Public'
    OAUTH_PROVIDERS = [{
        'name': 'azure',
        'token_key': 'access_token',
        'icon': 'fa-windows',
        'remote_app': {
            'client_id': os.environ.get('CLIENT_ID'),
            'client_secret': os.environ.get('CLIENT_SECRET'),
            'api_base_url': 'https://login.microsoftonline.com/your_tenant_id/oauth2',
            'access_token_url': 'https://login.microsoftonline.com/your_tenant_id/oauth2/token',
            'authorize_url': 'https://login.microsoftonline.com/your_tenant_id/oauth2/authorize',
            'client_kwargs': {
                'scope': 'openid email name profile User.Read GroupMember.Read.All upn'
            }
        }
    }]

    # The custom manager must extend Superset's own security manager
    class CustomSsoSecurityManager(SupersetSecurityManager):
        def oauth_user_info(self, provider, response=None):
            logging.debug("Oauth2 provider: {0}.".format(provider))
            if provider == 'azure':
                # GET 'userDetails' relative to api_base_url with the bearer token;
                # replace it with the user-info endpoint your provider serves.
                # The authlib client returns a requests-style response, hence .json().
                me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').json()
                logging.debug("user_data: {0}".format(me))
                return {
                    'name': me['name'],
                    'email': me['email'],
                    'id': me['user_name'],
                    'username': me['user_name'],
                    'first_name': '',
                    'last_name': ''
                }

    CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
```
### Key Points:
- **Environment Variables**: Use `extraEnv` and `extraSecretEnv` to manage
environment variables, especially for sensitive data like `CLIENT_ID` and
`CLIENT_SECRET`.
- **OAuth Configuration**: The `configOverrides` section includes the necessary
Python code to configure OAuth with Microsoft Azure.
- **Security Manager**: The custom security manager is defined within the
`configOverrides` to handle user information retrieval.

Ensure that your Kubernetes cluster has the necessary secrets
(`azure-sso-secret`) set up to provide the `client_id` and `client_secret`.
Adjust the paths and values according to your specific deployment setup.
GitHub link:
https://github.com/apache/superset/discussions/32787#discussioncomment-12574329
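
A pre-deployment check for the `azure-sso-secret` Secret that the comment above relies on, added here as an example and not part of the original comment or the Superset project: it takes the JSON printed by `kubectl get secret azure-sso-secret -o json` and reports missing, empty or whitespace-padded `client_id` / `client_secret` values without printing them. The function name `check_sso_secret` and the sample manifests are constructed for illustration.

```python
import base64
import binascii
import json

# Keys referenced by the secretKeyRef entries in the values file
REQUIRED_KEYS = ("client_id", "client_secret")


def check_sso_secret(secret_json, expected_name="azure-sso-secret"):
    """Return a list of problems found in a Kubernetes Secret (JSON text)."""
    problems = []
    secret = json.loads(secret_json)
    name = secret.get("metadata", {}).get("name")
    if name != expected_name:
        problems.append(f"secret is named {name!r}, values file references {expected_name!r}")
    data = secret.get("data") or {}
    for key in REQUIRED_KEYS:
        if key not in data:
            problems.append(f"missing key {key!r}")
            continue
        try:
            value = base64.b64decode(data[key], validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            problems.append(f"{key!r} is not valid base64-encoded UTF-8")
            continue
        if not value.strip():
            problems.append(f"{key!r} is empty")
        elif value != value.strip():
            # Typical cause: `echo value | base64` without -n, so the newline
            # becomes part of the credential sent to the token endpoint.
            problems.append(f"{key!r} has leading/trailing whitespace")
    return problems


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample manifests (hypothetical values, not real credentials)
GOOD = json.dumps({"metadata": {"name": "azure-sso-secret"},
                   "data": {"client_id": _b64("example-client-id"),
                            "client_secret": _b64("example-secret")}})
BAD = json.dumps({"metadata": {"name": "azure-sso-secret"},
                  "data": {"client_id": _b64("example-client-id\n")}})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_sso_secret(doc) or "ok")
```
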