tucker yates created AIRFLOW-4539:
-------------------------------------
Summary: Implement SAML 2.0 authentication backend
Key: AIRFLOW-4539
URL: https://issues.apache.org/jira/browse/AIRFLOW-4539
Project: Apache Airflow
Issue Type: Improvement
Components: authentication
Reporter: tucker yates
Attachments: saml_auth.py, settings.json
I took a stab at implementing an auth backend for SAML. This utilizes the
python3-saml library ([https://github.com/onelogin/python3-saml]), and as I
don't know a lot about flask_login, I used the existing
[github_enterprise_auth.py|https://github.com/apache/airflow/blob/master/airflow/contrib/auth/backends/github_enterprise_auth.py]
as a template. I got the login process working on an internal test
installation of airflow on ubuntu using python3 and airflow 1.10.3. my code is
garbage and needs some cleanup, and the logout feature doesn't work :D. If
anyone wants to take this and turn it into a proper pull request, please go
ahead.
h1. required setup (ubuntu):
{{sudo apt install libxmlsec1-dev}}
{{pip3 install python3-saml}}
h1. airflow.cfg changes
{{[webserver]}}
{{auth_backend = airflow.contrib.auth.backends.saml_auth}}
{{[saml_auth]}}
{{saml_path = /home/ubuntu/airflow/saml}}
The saml_path specifies a location where a settings.json file sits, which
should contain SAML information for the python3-saml library to load. I tested
this using Azure AD by adding airflow as an enterprise application
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
