Create a superset client and register the roles that exist in the Apache Superset application.
Configure an identity provider with the auth information from Azure AD.
Configure mappers for the configured identity provider.
The key point: to assign a specific role, match the groups field in the id_token against [GROUP_ID] using Regex Claim Values, and select a role of the client application.
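A local model of the group-to-role mapping from the last step, so that a Regex Claim Value can be checked against sample id_token claims before it is saved in Keycloak. This is an added example, not code from this package or from Keycloak; the group IDs, the role pairing, the function names and the whole-value matching (`re.fullmatch`) are assumptions.

```python
import re

# Constructed sample values: placeholder group IDs and role pairing,
# not taken from a real tenant or from this page.
MAPPERS = [
    # (Regex Claim Value for "groups", client role to grant)
    (r"11111111-1111-1111-1111-111111111111", "Admin"),
    (r"22222222-2222-2222-2222-222222222222", "Alpha"),
]


def roles_for_token(claims, mappers=MAPPERS):
    """Return (roles, note) for decoded id_token claims.

    Assumption: a mapper fires when its regex matches one whole entry of
    the "groups" claim, modelled here with re.fullmatch.
    """
    groups = claims.get("groups")
    if groups is None:
        # Azure AD leaves "groups" out and adds a _claim_names pointer
        # when the user is in too many groups to fit in the token.
        if "groups" in claims.get("_claim_names", {}):
            return [], "groups overage: claim not in token"
        return [], "no groups claim"
    if isinstance(groups, str):
        groups = [groups]
    roles = []
    for pattern, role in mappers:
        if any(re.fullmatch(pattern, g) for g in groups) and role not in roles:
            roles.append(role)
    return roles, "ok"


def loose_patterns(mappers=MAPPERS):
    """List mapper regexes that are not one literal group ID.

    A pattern such as ".*" grants its role to every user with any group.
    """
    guid = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
    return [p for p, _ in mappers if not guid.fullmatch(p)]
```

An empty role list with the overage note means the mapper could never fire for that user, whatever the regex says.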
Apache Superset
Example Flask configuration.
# ----------------------------------------------------
# AUTHENTICATION CONFIG
# ----------------------------------------------------
from flask_appbuilder.security.manager import AUTH_OID

AUTH_TYPE = AUTH_OID
AUTH_ROLE_ADMIN = 'Admin'
AUTH_USER_REGISTRATION = True
# Registration role set to "Public", which has the lowest permissions
AUTH_USER_REGISTRATION_ROLE = "Public"

from fab_auth_keycloak.security import SupersetOIDCSecurityManager

CUSTOM_SECURITY_MANAGER = SupersetOIDCSecurityManager
OIDC_CLIENT_SECRETS = "[CONFIGURATION_PATH]/oidc_client.json"
OIDC_SCOPES = ['openid', 'email', 'profile']
OIDC_USER_INFO_ENABLED = True
Example oidc_client.json, the file referenced by OIDC_CLIENT_SECRETS:
{
    "web": {
        "realm_public_key": "[FIND IN KEYCLOAK]",
        "issuer": "[FIND IN KEYCLOAK]",
        "auth_uri": "[FIND IN KEYCLOAK]",
        "client_id": "superset",
        "client_secret": "[FIND IN KEYCLOAK SUPERSET CLIENT]",
        "redirect_urls": [
            "[URLS WHICH MUST BE REDIRECTED TO]"
        ],
        "userinfo_uri": "[FIND IN KEYCLOAK]",
        "token_uri": "[FIND IN KEYCLOAK]",
        "token_introspection_uri": "[FIND IN KEYCLOAK]"
    }
}