Re: [D] How to enable SSO login using microsoft azure, having xml file of metadata, deploying using Helmchart [superset]

via GitHub Sat, 05 Apr 2025 10:39:55 -0700


GitHub user dosubot[bot] added a comment to the discussion: How to enable SSO 
login using microsoft azure,  having xml file of metadata, deploying using 
Helmchart


<!-- Answer -->
I couldn't find specific instructions for the file structure and complete code 
for YAML and Python files related to enabling SSO with Microsoft Azure using 
Helm charts in the Apache Superset repository. However, I can provide a general 
guideline on how you might structure your files and configurations:

### File Structure

Here's a suggested file structure for deploying Apache Superset with SSO using 
Helm charts:

```
superset-helm/
│
├── charts/
│   └── superset/
│       ├── templates/
│       │   ├── deployment.yaml
│       │   ├── service.yaml
│       │   └── configmap.yaml
│       ├── values.yaml
│       └── Chart.yaml
│
└── config/
    ├── superset_config.py
    └── custom_sso_security_manager.py
```

### YAML Configuration

**`values.yaml`**

This file contains the configuration values for your Helm chart. You can 
include environment variables and other settings here:

```yaml
configOverrides:
  SUPERSET_CONFIG_PATH: /app/superset_config.py

extraEnv:
  - name: SUPERSET_CONFIG_PATH
    value: /app/superset_config.py

extraSecretEnv:
  - name: CLIENT_ID
    valueFrom:
      secretKeyRef:
        name: azure-sso-secret
        key: client_id
  - name: CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: azure-sso-secret
        key: client_secret
```

**`configmap.yaml`**

This file can be used to create a ConfigMap for your `superset_config.py`:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: superset-config
data:
  superset_config.py: |
    from custom_sso_security_manager import CustomSsoSecurityManager
    CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
```

### Python Configuration

**`superset_config.py`**

This file contains your Superset configuration, including the custom security 
manager:

```python
from custom_sso_security_manager import CustomSsoSecurityManager

AUTH_TYPE = AUTH_OAUTH
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Public'

OAUTH_PROVIDERS = [{
    'name': 'azure',
    'token_key': 'access_token',
    'icon': 'fa-windows',
    'remote_app': {
        'client_id': os.environ.get('CLIENT_ID'),
        'client_secret': os.environ.get('CLIENT_SECRET'),
        'api_base_url': 
'https://login.microsoftonline.com/your_tenant_id/oauth2',
        'access_token_url': 
'https://login.microsoftonline.com/your_tenant_id/oauth2/token',
        'authorize_url': 
'https://login.microsoftonline.com/your_tenant_id/oauth2/authorize',
        'client_kwargs': {
            'scope': 'openid email name profile User.Read GroupMember.Read.All 
upn'
        }
    }
}]

CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
```

**`custom_sso_security_manager.py`**

This file implements the custom security manager:

```python
from flask_appbuilder.security.manager import AUTH_OAUTH
import logging

class CustomSsoSecurityManager:
    def oauth_user_info(self, provider, response=None):
        logging.debug("Oauth2 provider: {0}.".format(provider))
        if provider == 'azure':
            me = 
self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
            logging.debug("user_data: {0}".format(me))
            return {
                'name': me['name'],
                'email': me['email'],
                'id': me['user_name'],
                'username': me['user_name'],
                'first_name': '',
                'last_name': ''
            }
```

This is a general guideline and may need to be adjusted based on your specific 
requirements and environment.


<!-- Dosu Comment Footer -->
*To continue talking to [Dosu](https://dosu.dev), mention @dosu.*

---
<sup>Help Dosu learn! Give it feedback: [Great 
Response](https://app.dosu.dev/response-feedback/2ca48da2-8e20-4364-9175-5bee4aaa9c26?feedback_type=great_response)
 | [Irrelevant 
Answer](https://app.dosu.dev/response-feedback/2ca48da2-8e20-4364-9175-5bee4aaa9c26?feedback_type=irrelevant_answer)
 | [Incorrect 
Sources](https://app.dosu.dev/response-feedback/2ca48da2-8e20-4364-9175-5bee4aaa9c26?feedback_type=incorrect_sources)
 | [Too 
Verbose](https://app.dosu.dev/response-feedback/2ca48da2-8e20-4364-9175-5bee4aaa9c26?feedback_type=too_verbose)
 | 
[Hallucination](https://app.dosu.dev/response-feedback/2ca48da2-8e20-4364-9175-5bee4aaa9c26?feedback_type=hallucination)
 | [Bug 
Report](https://app.dosu.dev/response-feedback/2ca48da2-8e20-4364-9175-5bee4aaa9c26?feedback_type=bug_report)
 | 
[Other](https://app.dosu.dev/response-feedback/2ca48da2-8e20-4364-9175-5bee4aaa9c26?feedback_type=other)</sup>


GitHub link: 
https://github.com/apache/superset/discussions/32787#discussioncomment-12574116

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: 
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [D] How to enable SSO login using microsoft azure, having xml file of metadata, deploying using Helmchart [superset]

Reply via email to