bgshacklett opened a new issue, #59475: URL: https://github.com/apache/airflow/issues/59475
### What do you see as an issue? The page: https://airflow.apache.org/docs/apache-airflow-providers-fab/3.0.3/auth-manager/webserver-authentication.html contains these two statements: One noting that the webserver_config.py file is no-longer used: > The legacy webserver_config.py file referenced in older docs is no longer used in recent versions of Airflow. Authentication is handled via the new auth_manager framework configured in airflow.cfg. Another, suggesting that it will be automatically generated with what seems to be an incompatible setting for SSO deployments: > A webserver_config.py file is automatically generated and can be used to configure FAB auth manager to support OAuth, OpenID, LDAP… > Default: AUTH_TYPE = AUTH_DB (note: this does not appear to be true in our case. No webserver_config.py is visible within the running container) In the SSO guide (https://airflow.apache.org/docs/apache-airflow-providers-fab/3.0.3/auth-manager/sso.html) * There is no mention of webserver_config.py * It suggests SSO should work via AIRFLOW__FAB__OAUTH_PROVIDERS, AIRFLOW__CORE__AUTH_MANAGER, etc. * There is no indication that AUTH_TYPE = AUTH_OAUTH must be set in Python config for OAuth to activate This all tracks with the original statement that the webserver_config.py file is no-longer used. However, in Airflow 3.0.x: * FAB does not appear to activate OAuth withe the suggested configuration in place. * I am unable to find any airflow.cfg equivalent of the AUTH_TYPE setting, which would need to be modified if, indeed, a default webserver_config.py is generated with `AUTH_TYPE=AUTH_DB`. * Our current deployment, which is relying on the environment variable equivalents of `airflow.cfg` does not appear to be activating OAuth at all. ### Solving the problem * Clarify whether FAB still requires webserver_config.py for SSO mode selection (AUTH_TYPE, AUTH_* variables) * Update SSO guide to indicate where these settings must live * Reconcile statement that "webserver_config.py is no longer used" with the fact that OAuth/LDAP examples still appear to rely on it * If the long-term intent is to move these settings into airflow.cfg, document current limitations and future direction ### Anything else _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
