GitHub user dosubot[bot] added a comment to the discussion: Superset SSO login is not working after upgrading it to 6.1.0rc1, lending it to username and password page
<!-- Answer --> Yes — I've looked into this. Your SAML SSO breaking in 6.1.0rc1 is a **known regression** caused by how Superset 6.x registers authentication views. In v6, Superset unconditionally registers a unified `SupersetAuthView` at `/login/`, which **overrides your custom `authdbview` attribute** [[1]](https://github.com/apache/superset/discussions/38199) [[2]](https://github.com/apache/superset/discussions/37057). This is why it falls back to the username/password page instead of initiating your SAML flow. **The fix is [PR #39098](https://github.com/apache/superset/pull/39098)** (merged April 6, 2026), which introduced two opt-out flags [[3]](https://github.com/apache/superset/pull/39098): ```python class SAMLSSOSecurityManager(SupersetSecurityManager): register_superset_auth_view = False # Prevents default auth view from overriding yours register_superset_registeruser_view = False authdbview = AuthSAMLView ``` However, **this fix is likely NOT included in 6.1.0rc1** since the PR was merged after that release [[4]](https://github.com/apache/superset/pull/39098). **Your options:** 1. **Upgrade to a newer build** that includes PR #39098 (e.g., 6.1.0rc2 or GA, or build from `master`). 2. **Manually patch** your 6.1.0rc1 installation — apply the changes from PR #39098 to `superset/security/manager.py` (add the two flags and make the `register_views()` method conditional), then set `register_superset_auth_view = False` in your `SAMLSSOSecurityManager`. 3. **Use `FLASK_APP_MUTATOR` as a workaround** — bypass the broken view registration by intercepting requests before they hit the default login page [[1]](https://github.com/apache/superset/discussions/38199): ```python def FLASK_APP_MUTATOR(app): @app.before_request def redirect_to_sso(): from flask import request, redirect if request.path == "/login/" and request.method == "GET": # Trigger your SAML SP-initiated flow here ... ``` Additionally, if you use `self.get_session()` anywhere in custom code, note that FAB 5.x changed this to `self.session` [[5]](https://github.com/apache/superset/pull/35290). Option 1 (upgrading) is the cleanest path forward. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=reply-with-mention&utm_term=apache%2Fsuperset).* --- Share context across your team and agents. Try [Dosu](https://dosu.dev?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-tagline&utm_term=apache%2Fsuperset). [](https://app.dosu.dev/response-feedback?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-feedback&utm_term=apache%2Fsuperset&message_id=152b0064-4744-459c-be37-32f95ead03b0) [](https://github.dosu.com/apache/superset?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-learn-repo&utm_term=apache%2Fsuperset) [](https://app.dosu.dev/signup?referrer=openSource&source=github-footer&utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-add-team&utm_term=apache%2Fsuperset) GitHub link: https://github.com/apache/superset/discussions/39948#discussioncomment-16841002 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
