Open eladkal opened 2 years ago
can I take a look at this if no one is working on this. Thanks
@subkanthi assigned
There is this solution that works for airflow 1.x.x, but for some reason does not for airflow 2.x. Maybe it can be used as a reference for this. The solution is here https://www.manishpoddar.com/post/how-to-implement-aws-single-sign-on-sso-on-airflow
looking forward for this integration!
Hi, I would like to attempt this implementation.
Hi @victorphoenix3 , Im working on the API support for SAML, please feel free to take on SAML support for the webserver, it might need some digging into the FAB support. https://github.com/apache/airflow/issues/11305
assigned you @victorphoenix3 !
Probably dependent on https://github.com/dpgaspar/Flask-AppBuilder/issues/1028
does that mean that today, we can't use a SSO solution (like keycloak) with Airflow ?
Do we have any news about SSO for Airflow?
You can use keycloak this can be done independently of SAML support for Airlfow. You need to forward the right Authorisation headers from Keycloak and make Airflow/FAB use them AFAIK.
@jjournet you can use OAuth for Keycloak integration. Please take a look at this example, it helped me with a custom OAuth identity provider.
This is a very cool article. Thanks for bringing my attention to it @merovigen
Hello! Any updates on SAML auth for Airflow? I'm looking for the way to authenticate Airflow with ADFS, no luck at the moment.
Hello! Any updates on SAML auth for Airflow? I'm looking for the way to authenticate Airflow with ADFS, no luck at the moment.
@koskoskos As of Airlfow 2.8, Airflow supports Auth Manager interface, which allows anyone to write any Auth Manager. We have currently two Auth Managers: FAB (back-compatibiltiy) and AWS (experimental). We would love to have somoene to develop and contribute a KeyCloak Auth Manager that would open Airflow to way more schemes than FAB currently support, but also there is nothing to prevent anyone to write their own Auth Manager - for example SAML Auth Manager. So if you would like to have certaintly SAML authentication is there - you (or your company) could work on contributing one of the Auth Managers I mentioned above. Or pay someone to do it. Otherwise, it will have to wait for someone to implement it.
The Auth Manager interface / API of Airflow is described here https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/auth-manager.html#auth-manager
Would you like to help with that?
Body
Previously also asked in Jira https://issues.apache.org/jira/browse/AIRFLOW-4539
Committer