feat(auth): add SAML login support to frontend #38606
Code Review Agent Run #440e8b

Actionable Suggestions - 1
- superset/config.py - 1
  - Invalid CSRF Exempt Entry · Line 314-314

Review Details

Files reviewed - 7 · Commit Range: 381db9f..381db9f
- requirements/base.txt
- requirements/development.txt
- superset-frontend/src/pages/Login/Login.test.tsx
- superset-frontend/src/pages/Login/index.tsx
- superset/config.py
- superset/views/base.py
- tests/unit_tests/views/test_bootstrap_auth.py
Code Review Agent Run #d2fb23

Actionable Suggestions - 2
- superset/views/base.py - 1
  - Undefined saml_providers attribute · Line 510-519
- superset-frontend/src/pages/Login/Login.test.tsx - 1
  - Incomplete test assertions for SAML login behavior · Line 61-78
Flask-AppBuilder 5.1.0 added SAML authentication (AuthSAMLView). The backend already passes SAML providers to the frontend via bootstrap data, but the React Login component didn't handle AUTH_TYPE = 5 (AUTH_SAML), rendering an empty login page.

Changes:
- Add AuthSAML = 5 to the frontend AuthType enum and render SAML provider buttons using the same pattern as OAuth
- Exempt FAB's SAML ACS endpoint from CSRF protection (the IdP POSTs the SAML response cross-site without a CSRF token)
- Exclude SAML from the recaptcha check (like OAuth, SAML users don't go through a registration form)
- Add backend tests for SAML/OAuth bootstrap data and recaptcha logic
- Add frontend test for SAML provider button rendering

Note: SAML requires `python3-saml`, which is an optional dependency. Install it with `pip install flask-appbuilder[saml]` or `pip install python3-saml`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
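As an added example (not Superset's or Flask-AppBuilder's code), the following models the three backend rules the commit message lists: the `{name, icon}` provider shape with its icon default, the recaptcha exclusion for OAuth and SAML, and the single CSRF-exempt ACS view. The config keys `SAML_PROVIDERS` and `RECAPTCHA_PUBLIC_KEY`, the view-name prefix check and all function names are assumptions made for this illustration.

```python
# Added example, not Superset's or FAB's code. SAML_PROVIDERS, RECAPTCHA_PUBLIC_KEY and the
# function names are assumptions; AUTH_SAML = 5 is the value the PR's frontend enum adds.
from typing import Any

AUTH_OID, AUTH_DB, AUTH_LDAP, AUTH_REMOTE_USER, AUTH_OAUTH, AUTH_SAML = 0, 1, 2, 3, 4, 5

# Federated flows never show a registration form, so recaptcha is skipped for them.
FEDERATED_AUTH_TYPES = {AUTH_OAUTH, AUTH_SAML}

# The only FAB security view the IdP must reach cross-site without a CSRF token.
EXPECTED_CSRF_EXEMPT = {"flask_appbuilder.security.views.acs"}


def provider_buttons(providers: list[dict[str, Any]]) -> list[dict[str, str]]:
    """Normalize provider entries to the {name, icon} shape the Login page renders.

    'name' is required (it forms the /login/<provider> URL); 'icon' falls back to
    fa-sign-in, mirroring the default discussed in the review thread.
    """
    buttons = []
    for entry in providers:
        if not entry.get("name"):
            raise ValueError("auth provider entry is missing the required 'name' key")
        buttons.append({"name": entry["name"], "icon": entry.get("icon", "fa-sign-in")})
    return buttons


def bootstrap_auth(config: dict[str, Any]) -> dict[str, Any]:
    """Build the auth slice of the bootstrap payload for the given app config."""
    auth_type = config.get("AUTH_TYPE", AUTH_DB)
    if auth_type == AUTH_OAUTH:
        providers = provider_buttons(config.get("OAUTH_PROVIDERS", []))
    elif auth_type == AUTH_SAML:
        providers = provider_buttons(config.get("SAML_PROVIDERS", []))
    else:
        providers = []
    # Recaptcha applies only when a key is configured AND the flow has a registration form.
    recaptcha = bool(config.get("RECAPTCHA_PUBLIC_KEY")) and auth_type not in FEDERATED_AUTH_TYPES
    return {"auth_type": auth_type, "providers": providers, "recaptcha": recaptcha}


def unexpected_csrf_exemptions(csrf_exempt_list: list[str]) -> list[str]:
    """Return FAB security views that are CSRF-exempt but are not the IdP-driven ACS callback."""
    # Every other flask_appbuilder.security view is hit by a browser session and must stay protected.
    return [
        view for view in csrf_exempt_list
        if view.startswith("flask_appbuilder.security.") and view not in EXPECTED_CSRF_EXEMPT
    ]
```

`unexpected_csrf_exemptions` is the kind of check a unit test can pin so that a later edit to `CSRF_EXEMPT_LIST` cannot silently widen the exemption to other FAB login views.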
Sequence Diagram

This PR enables the frontend to support SAML auth by consuming SAML providers from bootstrap config and rendering provider login buttons. It also ensures the federated SAML flow works end to end by skipping recaptcha in bootstrap config and exempting the SAML ACS callback from CSRF checks.

```mermaid
sequenceDiagram
    participant User
    participant LoginPage
    participant Backend
    participant IdP
    User->>LoginPage: Open sign in page
    LoginPage->>Backend: Request bootstrap auth config
    Backend->>Backend: Build SAML auth config and skip recaptcha
    Backend-->>LoginPage: Return auth type and provider list
    LoginPage-->>User: Render SAML provider buttons
    User->>Backend: Start SAML login with selected provider
    IdP->>Backend: Post SAML response to ACS endpoint
    Backend-->>User: Accept callback and complete login
```

Generated by CodeAnt AI
Antonio-RiveroMartnez left a comment:

LGTM, small nit and a question for learning purposes. Thanks
```python
saml_providers.append(
    {
        "name": provider["name"],
        "icon": provider.get("icon", "fa-sign-in"),
```
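Review bot: the two keys in this block are treated differently: `provider["name"]` raises KeyError when a configured SAML provider entry has no "name", while "icon" is defaulted with `provider.get("icon", "fa-sign-in")`. Since this runs while building bootstrap data for the login page, one malformed provider entry would break rendering of the whole page rather than just one button; either validate the entry (a clear error naming the missing key) or document that "name" is required by the bootstrap code.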
Comment:
nit: FAB already has this null check, correct? So it is probably not needed here. Also, Auth0 treats the icon as non-optional, why be different here?

Reply:
FAB already had this check, but that view is not used by Superset. So we are adding the same check here.
```python
    "superset.views.core.explore_json",
    "superset.views.core.log",
    "superset.views.datasource.views.samples",
    "flask_appbuilder.security.views.acs",
```
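Review bot: the new `"flask_appbuilder.security.views.acs"` entry carries no inline comment explaining why it is exempt, unlike the reasoning given in the PR description (the IdP POSTs the SAML response cross-site without a CSRF token). Once CSRF is off for this view, the signed SAML response that python3-saml validates is the only thing authenticating that POST, so a short comment stating that, and that no other `flask_appbuilder.security.*` view belongs in this list, would keep a future edit from widening the exemption.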
Comment:
Question: Why do other security views from FAB not need to be included here, but this one does?

Reply:
This view is called by the SAML IdP, and the IdP can't send a POST with a CSRF token. The other views from FAB are used by a user directly and should be protected.
User description

SUMMARY

Flask-AppBuilder 5.1.0 added SAML authentication (`AuthSAMLView`). The Superset backend already passes SAML providers to the frontend via bootstrap data (`superset/views/base.py`), but the React Login component didn't handle `AUTH_TYPE = 5` (`AUTH_SAML`), so the login page rendered empty, just "Sign in" with no provider buttons. This PR adds full SAML login support:

- Add `AuthSAML = 5` to the `AuthType` enum and render SAML provider buttons using the same pattern as OAuth (same provider shape `{name, icon}` and `/login/<provider>` URL pattern)
- Add `python3-saml` via the `flask-appbuilder[saml]` extra in `pyproject.toml` and pinned requirements
- Exempt the SAML ACS endpoint (`/saml/acs/`) from CSRF protection: the IdP POSTs the SAML response cross-site without a CSRF token

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

Before: With `AUTH_TYPE = AUTH_SAML`, the login page shows only "Sign in" with no buttons.

After: SAML provider buttons render correctly, matching the OAuth provider button style.

TESTING INSTRUCTIONS

`superset_config.py`:

`pytest tests/unit_tests/views/test_bootstrap_auth.py -v`

ADDITIONAL INFORMATION
CodeAnt-AI Description

Add SAML login support and ensure SAML providers and recaptcha behavior are exposed to the frontend

What Changed

Impact
- ✅ Login page shows SAML providers
- ✅ No recaptcha prompt for SAML sign-ins
- ✅ Successful SAML ACS posts accepted without CSRF rejections