apache / superset

Apache Superset is a Data Visualization and Data Exploration Platform
https://superset.apache.org/
Apache License 2.0

Invalid login. Please try again. When I try to configure SSO using Zitadel and Superset #28103

Open resulraveendran opened 7 months ago

resulraveendran commented 7 months ago

Hi,

When I try to configure SSO using Zitadel and Superset by referring to this document https://superset.apache.org/docs/installation/configuring-superset#custom-oauth2-configuration, I get this issue: "Invalid login. Please try again." when I click the login button. First I get the login page of Zitadel, after that I am redirected to Superset, and from there I get this issue.

From the Superset app:

ERROR:flask_appbuilder.security.views:Error returning OAuth user info: 'Response' object has no attribute 'data'

My superset_config.py is:

from flask_appbuilder.security.manager import AUTH_OAUTH
from custom_sso_security_manager import CustomSsoSecurityManager

# Set the authentication type to OAuth
AUTH_TYPE = AUTH_OAUTH

OAUTH_PROVIDERS = [
    {   'name':'drhSSO',
        'token_key': "access_token", # Name of the token in the response of access_token_url
        'icon':'fa-address-card',   # Icon for the provider
        'remote_app': {
            'client_id':'2628489275@drh-admin',  # Client Id (Identify Superset application)
            'client_secret':'USC5otaTy4Grm6jDMjhKbH', # Secret for this Client Id (Identify Superset application)
            'client_kwargs':{
                'scope': 'openid  profile'               # Scope for the Authorization
            },
            'access_token_method':'POST',    # HTTP Method to call access_token_url
            'access_token_params':{        # Additional parameters for calls to access_token_url
                'client_id':'USC5otaTy4GrMdxym6jDMjhKbH'
            },
            'jwks_uri':'https://idi.drective.com/oauth/v2/keys', # may be required to generate token
            'access_token_headers':{    # Additional headers for calls to access_token_url
                'Authorization': 'Basic MjYyODQ4OTk0NjIxODc4Mjc1QGRyaC1hZG1pblVTQzVvdGFUeTRHck02c29DN1hyZG1XcFdodlF3dGx2Znl4aXpCVEpLT3RXY0doUm96Y2R4eW02akRNamhLYkg='
            },
            'api_base_url':'https://idi.drective.com/oauth/v2',
            'access_token_url':'https://idi.drective.com/oauth/v2/token',
            'authorize_url':'https://idi.drective.com/oauth/v2/authorize',
            'redirect_uri':'https://ss.drh.diabetestechnology.org/oauth-authorized/drhSSO'

        }
    }
]

# Will allow user self registration, allowing to create Flask users from Authorized User
AUTH_USER_REGISTRATION = True

# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Public"

CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager

and my custom_sso_security_manager.py file is:

import logging
from superset.security import SupersetSecurityManager

class CustomSsoSecurityManager(SupersetSecurityManager):

    def oauth_user_info(self, provider, response=None):
        logging.debug("Oauth2 provider: {0}.".format(provider))
        if provider == 'drhSSO':
            # As an example, this line requests a GET to base_url + '/' + userDetails with Bearer Authentication,
            # and expects that the authorization server checks the token and responds with user details
            me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
            logging.debug("user_data: {0}".format(me))
            return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name':'', 'last_name':''}
    ...

Please give me a solution for this or any suggestion to resolve the issue.

khushal786 commented 1 month ago

Hi @resulraveendran, did you get the solution? Because I am facing the same issue too while integrating Microsoft SSO. You can see my full issue on this link

quanngo commented 1 month ago
import logging
from superset.security import SupersetSecurityManager

class CustomSsoSecurityManager(SupersetSecurityManager):

    def oauth_user_info(self, provider, response=None):
        logging.debug("Oauth2 provider: {0}.".format(provider))
        if provider == 'drhSSO':
            # As an example, this line requests a GET to base_url + '/' + userDetails with Bearer Authentication,
            # and expects that the authorization server checks the token and responds with user details
            me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
            logging.debug("user_data: {0}".format(me))
            return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name':'', 'last_name':''}
    ...

In this you need to use (in my case I'm using email for checking):

from flask_login import login_user

# data is the JSON body returned by the Azure Entra "Get me" call
user = self.find_user(email=data['mail'])
if user is None:
    # no matching Superset user; returning None makes FAB report an invalid login
    return None

login_user(user, remember=False)

# user is a model object, so read its attributes instead of subscripting it
user_info = {
    'name': user.get_full_name(),
    'email': user.email,
    'id': user.id,
    'username': user.username,
    'first_name': user.first_name,
    'last_name': user.last_name,
    # 'role': user.roles
}

return user_info

data is from Azure Entra Get me

but unfortunately I'm still having the issue "Invalid login. Please try again", but it still works as if the login was successful. Any advice?
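The security manager below is an added example (not code from this issue, Superset or Flask-AppBuilder) that covers both the original post and quanngo's reply: Flask-AppBuilder 4.x uses authlib, whose client returns a requests.Response, so the userinfo body is read with .json() rather than .data (the AttributeError logged above), and FAB's oauth-authorized view itself passes the returned dict to auth_user_oauth() and then calls login_user(), so the hook should return a dict carrying a username and must not log the user in (an exception or a None return inside the hook is what produces "Invalid login"). It assumes the provider exposes the standard OIDC userinfo endpoint (/oauth/v2/userinfo relative to api_base_url, as Zitadel does) with the standard claims, that the email scope is requested alongside openid profile, and that SAMPLE_CLAIMS is a constructed payload.

```python
import logging

try:
    from superset.security import SupersetSecurityManager
except ImportError:  # lets the helpers below run without Superset installed
    SupersetSecurityManager = object

log = logging.getLogger(__name__)

# Constructed sample of what an OIDC userinfo endpoint returns for scope "openid profile email".
SAMPLE_CLAIMS = {"sub": "1234567890", "email": "jane@example.org", "email_verified": True,
                 "given_name": "Jane", "family_name": "Doe"}

def map_oidc_userinfo(claims):
    """Map userinfo claims to the dict FAB's auth_user_oauth() expects; return None
    (FAB then fails closed with "Invalid login") if sub/email are missing or unverified."""
    missing = [c for c in ("sub", "email") if not claims.get(c)]
    if missing or claims.get("email_verified") is not True:
        log.warning("rejecting userinfo: missing=%s email_verified=%r", missing, claims.get("email_verified"))
        return None
    return {
        "username": claims["sub"],  # immutable subject id, not a user-editable display name
        "email": claims["email"],
        "first_name": claims.get("given_name", ""),
        "last_name": claims.get("family_name", ""),
    }

def userinfo_from_response(resp):
    """FAB 4.x (authlib) returns a requests.Response here, so read .json();
    .data belonged to flask-oauthlib responses, which is the reported AttributeError."""
    if getattr(resp, "status_code", 200) != 200:
        log.error("userinfo request failed: HTTP %s", resp.status_code)
        return None
    try:
        claims = resp.json()
    except ValueError:
        log.error("userinfo response is not JSON")
        return None
    return map_oidc_userinfo(claims)

class CustomSsoSecurityManager(SupersetSecurityManager):
    def oauth_user_info(self, provider, response=None):
        if provider != "drhSSO":
            return super().oauth_user_info(provider, response)
        # Relative to api_base_url, i.e. .../oauth/v2/userinfo (assumed Zitadel OIDC endpoint).
        resp = self.appbuilder.sm.oauth_remotes[provider].get("userinfo")
        # No login_user() here: FAB's oauth_authorized view logs in the user that
        # auth_user_oauth() resolves from the returned dict.
        return userinfo_from_response(resp)
```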