ismnilsonzegarra commented on issue #55612:
URL: https://github.com/apache/airflow/issues/55612#issuecomment-3762206135
I fixed that in keycloak with this steps:
Going to Keycloak > Clients:
airflow-conn client > Client scopes:
Here it has a standard "role" client scope for openID Connect, this one have
all the roles for the user and if the user have many roles o group assign in
this realm, then it comes with the airflow-{Admin,User,Op,Viewer} role plus the
realm assigned roles.
Workarround:
1. Removing in the client scopes the "role" standard.
2. Go to Client Scope and create an "airflow-roles" client scope
Name: airflow-roles
Description: airflow roles for Airlfow Conn client scope
Type: Default
Save and in Mappers tab Add mapper: "client roles"
3. Return to Client airflow-conn > Client Scopes and add the new
"airflow-roles"
With this the loop s fixed.
4. Maybe this could be created with the airflow keycloak-auth-manager ?
Regards,
Joe
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
