Piyush-Fury opened a new issue, #44955:
URL: https://github.com/apache/airflow/issues/44955
### Apache Airflow version
Other Airflow 2 version (please specify below)
### If "Other Airflow 2 version" selected, which one?
2.8.3
### What happened?
Redirect URI ERROR while integrating Airflow with SSO (Authentik)
Below are the configuration i have specified according to my requirements:
# webserver_config.py
from flask_appbuilder.security.manager import AUTH_OAUTH
AUTH_TYPE = AUTH_OAUTH
OAUTH_PROVIDERS = [
{
'name': 'authentik',
'token_key': 'access_token',
'icon': 'fa-address-card',
'remote_app': {
'client_id': '<>',
'client_secret': '<>',
'client_kwargs': {
'scope': 'openid profile email',
},
'access_token_url':
'https://authentik.piyush.today/application/o/token/',
'authorize_url':
'https://authentik.piyush.today/application/o/authorize/',
'api_base_url': 'https://authentik.piyush.today/application/o/',
'redirect_uri':
'https://authentik.piyush.today/oauth-authorized/authentik',
'jwks_uri':
'https://authentik.piyush.today/application/o/customairflow/jwks/',
"server_metadata_url":
"https://authentik.piyush.today/application/o/customairflow/.well-known/openid-configuration";,
"issuer":
"https://authentik.piyush.today/application/o/customairflow/";
}
}
]
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Viewer"
#custom-values.yaml
# Define the Kubernetes Executor
executor: KubernetesExecutor
# -------------------------------
# PostgreSQL Configuration
# -------------------------------
postgresql:
enabled: true
auth:
postgresqlPassword: airflow
postgresqlDatabase: airflow
# -------------------------------
# Redis Configuration (Optional for KubernetesExecutor)
# -------------------------------
redis:
enabled: true
defaultAirflowTag: "2.9.2"
airflowVersion: "2.9.2"
# -------------------------------
# Airflow Configuration
# -------------------------------
migrateDatabaseJob:
enabled: true
ttlSecondsAfterFinished: 300
args:
- "bash"
- "-c"
- |
set -e
echo "Running database migrations..."
airflow db upgrade
airflow db migrate
webserver:
enabled: true
webserverConfigConfigMapName: webserver-config # Correct key name
waitForMigrations:
enabled: false # Disable waitForMigrations for the webserver
scheduler:
waitForMigrations:
enabled: false # Disable waitForMigrations for the schedulerl
workers:
waitForMigrations:
enabled: false # Disable waitForMigrations for workers
triggerer:
waitForMigrations:
enabled: false # Disable waitForMigrations for triggerer
dagProcessor:
waitForMigrations:
enabled: false # Disable waitForMigrations for dagProcessor
# -------------------------------
# Ingress Configuration
# -------------------------------
ingress:
web:
enabled: true
annotations:
alb.ingress.kubernetes.io/scheme: "internet-facing"
alb.ingress.kubernetes.io/target-type: "ip"
alb.ingress.kubernetes.io/load-balancer-name: "aws-alb-airflow"
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
alb.ingress.kubernetes.io/healthcheck-path: /health
alb.ingress.kubernetes.io/success-codes: "200"
alb.ingress.kubernetes.io/manage-backend-security-group-rules: "true"
alb.ingress.kubernetes.io/security-groups: "sg-0e7244a820c5e03ce"
alb.ingress.kubernetes.io/subnets:
"subnet-0e93acffe7efb7530,subnet-064a10482338a08a4,subnet-010368913ca69b726"
path: /
pathType: Prefix
hosts:
- name: lavish.piyush.today
ingressClassName: alb
when i am logging in to lavish.piyush.today the host of my airflow, over
there after Clicking on Sign in with Authentik, it is showing "Redirect URI
Error" but i have correctly specified all the uri's and then too, i am not
getting why it is happening.
### What you think should happen instead?
It should take me to the the SSO and comeback to airflow dashboard after
successful login in sso.
### How to reproduce
.
### Operating System
Windows
### Versions of Apache Airflow Providers
_No response_
### Deployment
Official Apache Airflow Helm Chart
### Deployment details
_No response_
### Anything else?
_No response_
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
