gioargyr commented on issue #27918: URL: https://github.com/apache/superset/issues/27918#issuecomment-2043135843
I just managed to solve my problem. The solution is in defining `api_base_url` the right way. While digging deep in Flask-AppBuilder, I managed to find documentation about it, the only one that mentions it the right way:
https://github.com/dpgaspar/Flask-AppBuilder/blob/master/docs/security.rst

As for the Helm values I override for Keycloak on Superset, they are the following:

_fyi: I only include here whatever is related to having Keycloak on Superset, not my whole values.yaml file._
_Also, I have no configuration about roles and users yet._

```
supersetNode:
  replicaCount: 1
  # Install libraries for supporting authorization through Keycloak
  command:
    - /bin/sh
    - -c
    - |
      pip install Flask-OAuthlib Authlib google-api-python-client
      . {{ .Values.configMountPath }}/superset_bootstrap.sh; /usr/bin/run-server.sh

supersetWorker:
  replicaCount: 1
  # Install libraries for supporting authorization through Keycloak
  command:
    - /bin/sh
    - -c
    - |
      pip install Flask-OAuthlib Authlib
      . {{ .Values.configMountPath }}/superset_bootstrap.sh; celery --app=superset.tasks.celery_app:app worker

configOverrides:
  enable-https: |
    ENABLE_PROXY_FIX = True
  enable_oauth: |
    from flask_appbuilder.security.manager import (AUTH_DB, AUTH_OAUTH)
    AUTH_TYPE = AUTH_OAUTH
    OAUTH_PROVIDERS = [
        {
            "name": "keycloak",
            "icon": "fa-google",
            "token_key": "access_token",
            "remote_app": {
                "client_id": "<keycloak_client_name>",
                "client_secret": "<keycloak_client_secret>",
                "client_kwargs": {"scope": "openid email profile"},
                "api_base_url": "https://<my_domain>/realms/<realm_name>/protocol/openid-connect",
                "authorize_url": "https://<my_domain>/realms/<realm_name>/protocol/openid-connect/auth",
                "access_token_url": "https://<my_domain>/realms/<realm_name>/protocol/openid-connect/token",
                'jwks_uri': "https://<my_domain>/realms/<realm_name>/protocol/openid-connect/certs",
                "request_token_url": None,
            }
        }
    ]
    # Will allow user self registration, allowing to create Flask users from Authorized User
    AUTH_USER_REGISTRATION = True
    # The default user self registration role
    AUTH_USER_REGISTRATION_ROLE = "Public"

init:
  initscript: |-
    #!/bin/sh
    set -eu
    echo "Install libs for supporting Keycloak"
    pip install Flask-OAuthlib Authlib
    echo "Upgrading DB schema..."
    superset db upgrade
    echo "Initializing roles..."
    superset init
    {{ if .Values.init.createAdmin }}
    echo "Creating admin user..."
    superset fab create-admin \
                    --username {{ .Values.init.adminUser.username }} \
                    --firstname {{ .Values.init.adminUser.firstname }} \
                    --lastname {{ .Values.init.adminUser.lastname }} \
                    --email {{ .Values.init.adminUser.email }} \
                    --password {{ .Values.init.adminUser.password }} \
                    || true
    {{- end }}
    {{ if .Values.init.loadExamples }}
    echo "Loading examples..."
    superset load_examples
    {{- end }}
    if [ -f "{{ .Values.extraConfigMountPath }}/import_datasources.yaml" ]; then
      echo "Importing database connections.... "
      superset import_datasources -p {{ .Values.extraConfigMountPath }}/import_datasources.yaml
    fi
```

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
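The comment above attributes the fix to the value of `api_base_url`. The following is an added example, not part of the comment or of Superset or Flask-AppBuilder, that checks a Keycloak `remote_app` dict before deployment; it assumes the OAuth client resolves the relative path `openid-connect/userinfo` against `api_base_url` with `urljoin` semantics, and the host `sso.example.test` and realm `demo` are constructed sample values.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: the user profile is fetched from this relative path, resolved
# against api_base_url with urljoin semantics.
USERINFO_PATH = "openid-connect/userinfo"
OIDC_MARKER = "/protocol/openid-connect/"
URL_KEYS = ("api_base_url", "authorize_url", "access_token_url", "jwks_uri")


def resolved_userinfo(api_base_url):
    """URL that a relative userinfo request ends up at."""
    return urljoin(api_base_url, USERINFO_PATH)


def check_remote_app(remote_app):
    """Return a list of problems found in a Keycloak remote_app dict."""
    # The realm root is whatever precedes /protocol/openid-connect/ in authorize_url.
    realm_root, sep, _ = remote_app.get("authorize_url", "").partition(OIDC_MARKER)
    if not sep:
        return ["authorize_url is not a Keycloak openid-connect endpoint"]
    problems = []
    expected = realm_root + OIDC_MARKER + "userinfo"
    got = resolved_userinfo(remote_app.get("api_base_url", ""))
    if got != expected:
        problems.append(f"userinfo resolves to {got}, expected {expected}")
    for key in URL_KEYS:
        url = remote_app.get(key, "")
        if urlsplit(url).scheme != "https":
            # Tokens and signing keys must not travel over plaintext.
            problems.append(f"{key} is not https")
        elif not url.startswith(realm_root + "/protocol/"):
            # An endpoint on another host or realm would receive the code or token.
            problems.append(f"{key} is outside realm {realm_root}")
    return problems


# Constructed sample configuration, same shape as the values in the comment.
REALM = "https://sso.example.test/realms/demo"
GOOD = {
    "api_base_url": REALM + "/protocol/openid-connect",
    "authorize_url": REALM + "/protocol/openid-connect/auth",
    "access_token_url": REALM + "/protocol/openid-connect/token",
    "jwks_uri": REALM + "/protocol/openid-connect/certs",
}
TRAILING_SLASH = dict(GOOD, api_base_url=REALM + "/protocol/openid-connect/")

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("trailing slash", TRAILING_SLASH)):
        print(name, check_remote_app(cfg) or "ok")
```

Under the stated assumption, a trailing slash on `api_base_url` doubles the `openid-connect` segment in the resolved userinfo URL, while both the form in the comment and a base ending in `/protocol/` resolve correctly.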
