chandrasekharjandhyam commented on issue #17187: URL: https://github.com/apache/superset/issues/17187#issuecomment-1629409418
> @suddjian I am curious about this new embedded feature. Does it require that all users are precreated on the SS application before a dashboard can be accessed from an iframe in the host app? > > I have successfully embedded SS reports in our app using standard OAuth SSO. I had to write some custom python code in the values.yaml which the helm install injects into superset_config.py, but after that it works like a charm and does not require the user to be precreated in SS or to login to view reports. > > I use a shared OAuth service provider, Keycloak in my case, which our app uses to request the JWT access token and operates no differently than when using Google or some other authentication provider for SSO capability. I simply have to pass the signed JWT as an access token parameter with each dashboard URL request, which of course contain the user's scoped info and appropriate roles, and our dashboards are protected using the SS dashboard role-based access feature. New users are created on the fly and SS roles are updated from the JWT token as needed, so very minimal ongoing coordination needed between our app and the SS app as our user base grows, which was an important requirement for our use case. We cannot precreate or have to manage users in SS beyond standard OAuth capacity. > > I have attached a screen capture of our app showing an example SS report embedded in an iframe. We are still iterating on the UI and style of the SS reports for a better experience, but this demonstrates the point. > > <img alt="image" width="1443" src="https://user-images.githubusercontent.com/768977/173165660-cb94d93b-055b-4fe0-848a-e91ea4ae3b34.png";> Hi Shenrie , could you please provide the custom code that you have developed to use SSO and get JWT token for embedding, from official rest api documentation, login API does not support SSO based authentication. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
![https://user-images.githubusercontent.com/768977/173165660-cb94d93b-055b-4fe0-848a-e91ea4ae3b34.png"](https://user-images.githubusercontent.com/768977/173165660-cb94d93b-055b-4fe0-848a-e91ea4ae3b34.png"){kind=link}