[
https://issues.apache.org/jira/browse/AIRFLOW-4539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16927283#comment-16927283
]
yuk commented on AIRFLOW-4539:
------------------------------
Is role base authorization available in saml based authentication ?
> Implement SAML 2.0 authentication backend
> -----------------------------------------
>
> Key: AIRFLOW-4539
> URL: https://issues.apache.org/jira/browse/AIRFLOW-4539
> Project: Apache Airflow
> Issue Type: Improvement
> Components: authentication
> Reporter: tucker yates
> Priority: Minor
> Labels: SAML, authentication
> Attachments: saml_auth.py, settings.json
>
> Original Estimate: 120h
> Remaining Estimate: 120h
>
> I took a stab at implementing an auth backend for SAML. This utilizes the
> python3-saml library ([https://github.com/onelogin/python3-saml]), and as I
> don't know a lot about flask_login, I used the existing
> [github_enterprise_auth.py|https://github.com/apache/airflow/blob/master/airflow/contrib/auth/backends/github_enterprise_auth.py]
> as a template. I got the login process working on an internal test
> installation of airflow on ubuntu using python3 and airflow 1.10.3. my code
> is garbage and needs some cleanup, and the logout feature doesn't work :D. If
> anyone wants to take this and turn it into a proper pull request, please go
> ahead.
> h1. required setup (ubuntu):
> {{sudo apt install libxmlsec1-dev}}
> {{pip3 install python3-saml}}
> h1. airflow.cfg changes
> {{[webserver]}}
> {{auth_backend = airflow.contrib.auth.backends.saml_auth}}
> {{[saml_auth]}}
> {{saml_path = /home/ubuntu/airflow/saml}}
> The saml_path specifies a location where a settings.json file sits, which
> should contain SAML information for the python3-saml library to load. I
> tested this using Azure AD by adding airflow as an enterprise application
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
