You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create superset client and register roles which are existing in Apache Superset application.
Configure Identity Providers with auth information in Azure AD.
Configure Mappers of the configured identity provider.
The key point is if you want assign a specific Role, check groups field in id_token with [GROUP_ID] using Regex Claim Values and select a Role of the client application.
Apache Superset
Example Flask configuration.
# ----------------------------------------------------# AUTHENTICATION CONFIG# ----------------------------------------------------fromflask_appbuilder.security.managerimportAUTH_OIDAUTH_TYPE=AUTH_OIDAUTH_ROLE_ADMIN='Admin'AUTH_USER_REGISTRATION=TrueAUTH_USER_REGISTRATION_ROLE="Public"# registration role to "Public" which is the lowerst permissionfromfab_auth_keycloak.securityimportSupersetOIDCSecurityManagerCUSTOM_SECURITY_MANAGER=SupersetOIDCSecurityManagerOIDC_CLIENT_SECRETS="[CONFIGURATION_PATH]/oidc_client.json"OIDC_SCOPES= ['openid', 'email', 'profile']
OIDC_USER_INFO_ENABLED=True
{
"web": {
"realm_public_key": "[FIND IN KEYCLOAK]",
"issuer": "[FIND IN KEYCLOAK]",
"auth_uri": "[FIND IN KEYCLOAK]",
"client_id": "superset",
"client_secret": "[FIND IN KEYCLOAK SUPERSET CLIENT]",
"redirect_urls": [
// URLs which must be redirected to
],
"userinfo_uri": "[FIND IN KEYCLOAK]",
"token_uri": "[FIND IN KEYCLOAK]",
"token_introspection_uri": "[FIND IN KEYCLOAK]"
}
}