search

apache / airflow

Apache Airflow - A platform to programmatically author, schedule, and monitor workflows
https://airflow.apache.org/
Apache License 2.0
35.61k stars 13.87k forks source link

Add support for SAML auth backend #20705

Open eladkal opened 2 years ago

eladkal commented 2 years ago

Body

Previously also asked in Jira https://issues.apache.org/jira/browse/AIRFLOW-4539

Committer

subkanthi commented 2 years ago

can I take a look at this if no one is working on this. Thanks

eladkal commented 2 years ago

@subkanthi assigned

Jedsman commented 2 years ago

There is this solution that works for airflow 1.x.x, but for some reason does not for airflow 2.x. Maybe it can be used as a reference for this. The solution is here https://www.manishpoddar.com/post/how-to-implement-aws-single-sign-on-sso-on-airflow

HaloKo4 commented 2 years ago

looking forward for this integration!

victorphoenix3 commented 2 years ago

Hi, I would like to attempt this implementation.

subkanthi commented 2 years ago

Hi @victorphoenix3 , Im working on the API support for SAML, please feel free to take on SAML support for the webserver, it might need some digging into the FAB support. https://github.com/apache/airflow/issues/11305

potiuk commented 2 years ago

assigned you @victorphoenix3 !

eladkal commented 1 year ago

Probably dependent on https://github.com/dpgaspar/Flask-AppBuilder/issues/1028

jjournet commented 1 year ago

does that mean that today, we can't use a SSO solution (like keycloak) with Airflow ?

LucaSoato commented 1 year ago

Do we have any news about SSO for Airflow?

potiuk commented 1 year ago

You can use keycloak this can be done independently of SAML support for Airlfow. You need to forward the right Authorisation headers from Keycloak and make Airflow/FAB use them AFAIK.

merovigen commented 1 year ago

@jjournet you can use OAuth for Keycloak integration. Please take a look at this example, it helped me with a custom OAuth identity provider.

potiuk commented 1 year ago

This is a very cool article. Thanks for bringing my attention to it @merovigen

koskoskos commented 1 month ago

Hello! Any updates on SAML auth for Airflow? I'm looking for the way to authenticate Airflow with ADFS, no luck at the moment.

potiuk commented 1 month ago

Hello! Any updates on SAML auth for Airflow? I'm looking for the way to authenticate Airflow with ADFS, no luck at the moment.

@koskoskos As of Airlfow 2.8, Airflow supports Auth Manager interface, which allows anyone to write any Auth Manager. We have currently two Auth Managers: FAB (back-compatibiltiy) and AWS (experimental). We would love to have somoene to develop and contribute a KeyCloak Auth Manager that would open Airflow to way more schemes than FAB currently support, but also there is nothing to prevent anyone to write their own Auth Manager - for example SAML Auth Manager. So if you would like to have certaintly SAML authentication is there - you (or your company) could work on contributing one of the Auth Managers I mentioned above. Or pay someone to do it. Otherwise, it will have to wait for someone to implement it.

The Auth Manager interface / API of Airflow is described here https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/auth-manager.html#auth-manager

Would you like to help with that?