Add support for SAML auth backend

[eladkal]

Body

Previously also asked in Jira https://issues.apache.org/jira/browse/AIRFLOW-4539

Committer

• I acknowledge that I am a maintainer/committer of the Apache Airflow project.

[subkanthi]

can I take a look at this if no one is working on this. Thanks

[eladkal]

@subkanthi assigned

[Jedsman]

There is this solution that works for airflow 1.x.x, but for some reason does not for airflow 2.x. Maybe it can be used as a reference for this. The solution is here https://www.manishpoddar.com/post/how-to-implement-aws-single-sign-on-sso-on-airflow

[HaloKo4]

looking forward for this integration!

[victorphoenix3]

Hi, I would like to attempt this implementation.

[subkanthi]

Hi @victorphoenix3 , Im working on the API support for SAML, please feel free to take on SAML support for the webserver, it might need some digging into the FAB support.
#11305

[potiuk]

assigned you @victorphoenix3 !

[eladkal]

Probably dependent on dpgaspar/Flask-AppBuilder#1028

[jjournet]

does that mean that today, we can't use a SSO solution (like keycloak) with Airflow ?

[LucaSoato]

Do we have any news about SSO for Airflow?

[potiuk]

You can use keycloak this can be done independently of SAML support for Airlfow. You need to forward the right Authorisation headers from Keycloak and make Airflow/FAB use them AFAIK.

[merovigen]

@jjournet you can use OAuth for Keycloak integration.
Please take a look at this example, it helped me with a custom OAuth identity provider.

[potiuk]

This is a very cool article. Thanks for bringing my attention to it @merovigen