You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "yuk (Jira)" <ji...@apache.org> on 2019/09/11 06:23:00 UTC
[jira] [Commented] (AIRFLOW-4539) Implement SAML 2.0 authentication
backend
[ https://issues.apache.org/jira/browse/AIRFLOW-4539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16927283#comment-16927283 ]
yuk commented on AIRFLOW-4539:
------------------------------
Is role base authorization available in saml based authentication ?
> Implement SAML 2.0 authentication backend
> -----------------------------------------
>
> Key: AIRFLOW-4539
> URL: https://issues.apache.org/jira/browse/AIRFLOW-4539
> Project: Apache Airflow
> Issue Type: Improvement
> Components: authentication
> Reporter: tucker yates
> Priority: Minor
> Labels: SAML, authentication
> Attachments: saml_auth.py, settings.json
>
> Original Estimate: 120h
> Remaining Estimate: 120h
>
> I took a stab at implementing an auth backend for SAML. This utilizes the python3-saml library ([https://github.com/onelogin/python3-saml]), and as I don't know a lot about flask_login, I used the existing [github_enterprise_auth.py|https://github.com/apache/airflow/blob/master/airflow/contrib/auth/backends/github_enterprise_auth.py] as a template. I got the login process working on an internal test installation of airflow on ubuntu using python3 and airflow 1.10.3. my code is garbage and needs some cleanup, and the logout feature doesn't work :D. If anyone wants to take this and turn it into a proper pull request, please go ahead.
> h1. required setup (ubuntu):
> {{sudo apt install libxmlsec1-dev}}
> {{pip3 install python3-saml}}
> h1. airflow.cfg changes
> {{[webserver]}}
> {{auth_backend = airflow.contrib.auth.backends.saml_auth}}
> {{[saml_auth]}}
> {{saml_path = /home/ubuntu/airflow/saml}}
> The saml_path specifies a location where a settings.json file sits, which should contain SAML information for the python3-saml library to load. I tested this using Azure AD by adding airflow as an enterprise application
--
This message was sent by Atlassian Jira
(v8.3.2#803003)