GitHub user dosubot[bot] added a comment to the discussion: How to enable SSO
login using microsoft azure, having xml file of metadata, deploying using
Helmchart
To implement SSO with Microsoft Azure using a single configuration file in
Apache Superset, you can consolidate your settings into the
`superset_config.py` file. Here's how you can structure it:
### `superset_config.py`
This file will contain all necessary configurations, including OAuth settings
and the custom security manager:
```python
import logging
import os

from flask_appbuilder.security.manager import AUTH_OAUTH
from superset.security import SupersetSecurityManager

# Set the authentication type to OAuth
AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Public'

# Define the OAuth provider configuration
OAUTH_PROVIDERS = [{
    'name': 'azure',
    'token_key': 'access_token',
    'icon': 'fa-windows',
    'remote_app': {
        # Use environment variable for client ID
        'client_id': os.environ.get('CLIENT_ID'),
        # Use environment variable for client secret
        'client_secret': os.environ.get('CLIENT_SECRET'),
        'api_base_url':
            'https://login.microsoftonline.com/your_tenant_id/oauth2',
        'access_token_url':
            'https://login.microsoftonline.com/your_tenant_id/oauth2/token',
        'authorize_url':
            'https://login.microsoftonline.com/your_tenant_id/oauth2/authorize',
        'client_kwargs': {
            'scope': 'openid email name profile User.Read GroupMember.Read.All upn'
        }
    }
}]


# Custom security manager class; it has to subclass SupersetSecurityManager
# so that self.appbuilder and the rest of Superset's security model exist
class CustomSsoSecurityManager(SupersetSecurityManager):
    def oauth_user_info(self, provider, response=None):
        logging.debug("Oauth2 provider: {0}.".format(provider))
        if provider == 'azure':
            # GET <api_base_url>/userDetails with the user's bearer token;
            # the Authlib client returns a requests-style response
            me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').json()
            logging.debug("user_data: {0}".format(me))
            return {
                'name': me['name'],
                'email': me['email'],
                'id': me['user_name'],
                'username': me['user_name'],
                'first_name': '',
                'last_name': ''
            }


# Assign the custom security manager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
```
### Deployment with Helm
In your Helm chart, ensure that the `superset_config.py` is included as part of
your deployment. You can use a ConfigMap or a Secret to manage this file,
depending on your security requirements. Set the `SUPERSET_CONFIG_PATH`
environment variable to point to this file.
### Environment Variables
Ensure that the environment variables `CLIENT_ID` and `CLIENT_SECRET` are set
in your deployment configuration, either through Kubernetes Secrets or directly
in your Helm chart's `values.yaml` file.
This approach allows you to manage all configurations within a single file,
simplifying deployment and maintenance.
GitHub link:
https://github.com/apache/superset/discussions/32787#discussioncomment-12574295
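
An added example, not part of the comment above and not Superset code: a startup check for an `OAUTH_PROVIDERS` entry shaped like the one in the comment, catching an unset `CLIENT_ID`/`CLIENT_SECRET` (which `os.environ.get` silently turns into `None`), a leftover `your_tenant_id` placeholder, and endpoints that disagree on the tenant. The names `check_oauth_provider` and `constructed_provider` are hypothetical, the sample values are constructed, and the host check assumes the global `login.microsoftonline.com` endpoint used in the comment.

```python
from urllib.parse import urlparse

# Hypothetical helper names; nothing here is a Superset or Flask-AppBuilder API.
ENDPOINT_KEYS = ("api_base_url", "access_token_url", "authorize_url")
PLACEHOLDER_TENANT = "your_tenant_id"  # placeholder from the config in the comment
EXPECTED_HOST = "login.microsoftonline.com"  # assumption: global Azure cloud


def check_oauth_provider(provider):
    """Return a list of problems found in one OAUTH_PROVIDERS entry."""
    problems = []
    app = provider.get("remote_app", {})
    # An unset environment variable yields None here, which otherwise only
    # surfaces later as a failed login.
    for key in ("client_id", "client_secret"):
        if not app.get(key):
            problems.append(f"{key} is empty")
    tenants = set()
    for key in ENDPOINT_KEYS:
        url = urlparse(app.get(key) or "")
        if url.scheme != "https":
            problems.append(f"{key} is not an https URL")
        if url.hostname != EXPECTED_HOST:
            problems.append(f"{key} host is {url.hostname!r}")
        # The tenant is the first path segment of each endpoint.
        segments = [s for s in url.path.split("/") if s]
        tenant = segments[0] if segments else ""
        tenants.add(tenant)
        if tenant in ("", PLACEHOLDER_TENANT):
            problems.append(f"{key} has no real tenant id")
    if len(tenants) > 1:
        problems.append("endpoints point at different tenants")
    return problems


def constructed_provider(tenant, client_id="app-id", client_secret="s3cret"):
    """Build a sample entry shaped like the one above (constructed values)."""
    base = f"https://{EXPECTED_HOST}/{tenant}/oauth2"
    return {"name": "azure", "remote_app": {
        "client_id": client_id, "client_secret": client_secret,
        "api_base_url": base, "access_token_url": base + "/token",
        "authorize_url": base + "/authorize"}}


if __name__ == "__main__":
    sample = constructed_provider(PLACEHOLDER_TENANT, client_secret=None)
    for issue in check_oauth_provider(sample):
        print("config problem:", issue)
```

Calling it at the end of `superset_config.py` and raising when the list is non-empty makes the pod fail at startup instead of at the first login attempt.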