airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "yuk (Jira)" <j...@apache.org>
Subject [jira] [Commented] (AIRFLOW-4539) Implement SAML 2.0 authentication backend
Date Wed, 11 Sep 2019 06:23:00 GMT

    [ https://issues.apache.org/jira/browse/AIRFLOW-4539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16927283#comment-16927283
] 

yuk commented on AIRFLOW-4539:
------------------------------

Is role base authorization available in saml based authentication ?

> Implement SAML 2.0 authentication backend
> -----------------------------------------
>
>                 Key: AIRFLOW-4539
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4539
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: authentication
>            Reporter: tucker yates
>            Priority: Minor
>              Labels: SAML, authentication
>         Attachments: saml_auth.py, settings.json
>
>   Original Estimate: 120h
>  Remaining Estimate: 120h
>
> I took a stab at implementing an auth backend for SAML. This utilizes the python3-saml
library ([https://github.com/onelogin/python3-saml]), and as I don't know a lot about flask_login,
I used the existing [github_enterprise_auth.py|https://github.com/apache/airflow/blob/master/airflow/contrib/auth/backends/github_enterprise_auth.py] as
a template. I got the login process working on an internal test installation of airflow on
ubuntu using python3 and airflow 1.10.3. my code is garbage and needs some cleanup, and the
logout feature doesn't work :D. If anyone wants to take this and turn it into a proper pull
request, please go ahead. 
> h1. required setup (ubuntu):
> {{sudo apt install libxmlsec1-dev}}
> {{pip3 install python3-saml}}
> h1. airflow.cfg changes
> {{[webserver]}}
> {{auth_backend = airflow.contrib.auth.backends.saml_auth}}
> {{[saml_auth]}}
> {{saml_path = /home/ubuntu/airflow/saml}}
>  The saml_path specifies a location where a settings.json file sits, which should contain
SAML information for the python3-saml library to load. I tested this using Azure AD by adding
airflow as an enterprise application



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message