Add AWS Cognito as IdP with Multiple Organization Support #3222

Closed
wants to merge 5 commits into from


gsollazzo

This adds one more authentication method via AWS Cognito, based on the JWT integration (see merged pull request #2768).

Example config:

REDASH_JWT_LOGIN_ENABLED: "true"
REDASH_JWT_AUTH_ALGORITHMS: "RS256"
REDASH_JWT_AUTH_PUBLIC_CERTS_URL: "https://cognito-idp.[region].amazonaws.com/[User Pool ID]/.well-known/jwks.json"
REDASH_JWT_AUTH_AUDIENCE: "[APP ID]"
REDASH_JWT_AUTH_ISSUER: "https://cognito-idp.[region].amazonaws.com/[User Pool ID]"
REDASH_AWS_COGNITO_ENABLED: "true"
REDASH_AWS_COGNITO_REGION: "eu-central-1"
REDASH_AWS_COGNITO_BASE_URL: "https://[custom-url].auth.[region].amazoncognito.com/"
REDASH_AWS_COGNITO_ORG_ATTRIBUTE: "custom:organization_name"
REDASH_HOST: "http://localhost:5000"
REDASH_PASSWORD_LOGIN_ENABLED: "false"
REDASH_MULTI_ORG: "true"

When we get a user from AWS Cognito as a JWT, it matches the user by email+organization in the database and logs in. If we don't have a user with this email in the database, and the organization exists, then it will be created.

@ghost ghost added the in progress label Dec 26, 2018
@ivanpetrushev

Hello guys,

Do you know when Cognito support will be pushed to the master branch and AWS AMI images?

@cjangrist

bump

@christophlingg

Great feature, we need it merged!

@techwavein

Will this get merged in 9.0? And this is not supported if we try to use the UI separately, as mentioned in this link: https://redash.io/help/open-source/dev-guide/remote-server

@seiyeah78

We want to use this feature!
Please merge it.

@guidopetri
Contributor

@gsollazzo, thanks for the PR! We've updated a lot of things now that we're Community-driven so - if you're still interested in getting this merged - would you mind rebasing off master to re-run the CI, as well as updating merge conflicts?

We're trying to clean up our PR todo list, so if you're not interested, that's fine - we'll close the PR in about a week if we don't hear back. If you're interested in reopening the PR afterwards, we would also very much welcome that.

@justinclift
Member

In the initial PR submission it has this:

> If we don't have user with this email in database, and the organization exist, then it will be created.

That sounds like a potential security problem to me. Hopefully I'm misunderstanding something? 😄
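
The email+organization matching and auto-creation behaviour from the PR description, which the comment above questions, written out as an added example (not code from this PR or from Redash). It assumes the token's signature, expiry and key were already verified via the JWKS URL; `resolve_login`, `LoginRefused`, the in-memory sets, the `auto_provision` switch and the `email_verified` gate are hypothetical, and it assumes the organization attribute is set by an administrator and is not writable through the user-facing app client.

```python
# Added example, not code from the Redash PR. All names are hypothetical.
# Claims are assumed to be signature-verified before they reach this function.
ISSUER = "https://cognito-idp.eu-central-1.amazonaws.com/EXAMPLE_POOL"  # constructed
AUDIENCE = "EXAMPLE_APP_ID"  # constructed stand-in for REDASH_JWT_AUTH_AUDIENCE
ORG_ATTRIBUTE = "custom:organization_name"  # REDASH_AWS_COGNITO_ORG_ATTRIBUTE

# Constructed sample of verified ID-token claims.
SAMPLE_CLAIMS = {
    "iss": ISSUER, "aud": AUDIENCE, "token_use": "id",
    "email": "Bob@Example.com", "email_verified": True,
    ORG_ATTRIBUTE: "acme",
}


class LoginRefused(Exception):
    """Raised when the token must not result in a session."""


def resolve_login(claims, orgs, users, auto_provision=True):
    """Return ("existing" | "created", (email, org)) or raise LoginRefused.

    orgs: set of known organization names; users: set of (email, org) pairs.
    """
    if claims.get("iss") != ISSUER:
        raise LoginRefused("unexpected issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise LoginRefused("unexpected audience")
    # Cognito sets token_use to "id" on ID tokens and "access" on access tokens.
    if claims.get("token_use") != "id":
        raise LoginRefused("not an ID token")
    email = (claims.get("email") or "").strip().lower()
    org = claims.get(ORG_ATTRIBUTE)
    if not email or not org:
        raise LoginRefused("missing email or organization claim")
    if org not in orgs:
        raise LoginRefused("unknown organization")
    key = (email, org)
    if key in users:
        return "existing", key
    # Hardening assumptions for the creation path (not stated in the PR):
    # creation can be switched off, and an unverified address never creates a user.
    if not auto_provision:
        raise LoginRefused("user not found and auto-provisioning is disabled")
    if claims.get("email_verified") not in (True, "true"):
        raise LoginRefused("email not verified")
    users.add(key)
    return "created", key
```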

@guidopetri guidopetri closed this Jul 21, 2023
9 participants