potiuk commented on issue #54098: URL: https://github.com/apache/airflow/issues/54098#issuecomment-3163446332
> It is understandable that there will be breaking changes in major version changes, and I suppose it is the responsibility of the community as a whole to overcome the bugs and lack of documentation. I myself would be happy to provide some contribution once I have a better understanding of Airflow internals and also of authentication mechanisms. I think the Keycloak-related example provided [here](https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/webserver-authentication.html) is very helpful and is somewhat similar to what @rg2609 has tried above. What would be even better is if we could update it to reflect how such an authentication mechanism can be implemented in Airflow v3+ using the FAB auth manager. Absolutely .... and feel absiolutely free to update it - again users who struggled with the configuration and their expectations and who solved the problems are the best to update the documentation - and help other users. It's as easy as clicking "Suggest a change on this page" and PR will be opened for you and you can even update the .rst documentation directly in the Github UI without having any setup for local development. Very much like writing a comment in an issue. In many cases it's easier to add the documentation than to write "documentation should be updated" because people who struggled with it and solved their problems probably know best how to describe it in the way that others struggling in similar ways will get helped. > Also, I would like to know more about the KeyCloak Auth-manager that might be available in Airflow 3.1. Is it supposed to be a generic auth manager like FAB that can support different authentication providers/mechanisms, or will it only support Keycloak-based mechanisms? In my case, we use Authentik idP in our organization for SSO (OIDC/OAuth), and I would be interested in integrating it with Airflow v3 either through FAB auth manager or the upcoming Keycloak auth manager. Absolutely... https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-56+Extensible+user+management is the AIP that implemented Auth Manager interface and FAB has been moved out and implements it and now the last step of this AIP is being implemented - KeyCloak Auth Manager. Project is here https://github.com/orgs/apache/projects/500 (almost complete) implemetnation is here: https://github.com/apache/airflow/tree/main/providers/keycloak - and you can take a look, review, comment and start discussions about it. I think @vincbeck and @bugraoz93 would be very happy if you could take the current version from main to a spin, try it out and start any discussions on improving it or missing features @somas193. One of the things we miss when we (maintainers) add some new features is lack of community engagement and feedback - so we release things with the level of docs and implementation that we **hope** is good, but here is your chance to try out what we have and not only provide feedbac k and help to update documentation before, but also maybe even implement things if they are missing. All in your hands. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
