You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/12/20 10:30:10 UTC

[GitHub] [superset] manodupont opened a new issue #17825: Can't add a database when using OIDC (Keycloak)

manodupont opened a new issue #17825:
URL: https://github.com/apache/superset/issues/17825


   I connected superset with Keycloak.
   
   I pretty much followed some forum here and there and finally got this working.
   
   The problem is : Why did I lose the possibility to "Add a database" or a "dataset". I dont have that menu anymore.
   <img width="1536" alt="Screen Shot 2021-12-20 at 11 27 38" src="https://user-images.githubusercontent.com/7568033/146752819-46da7e5c-fd4e-4e1f-99f5-dd6320978f94.png">
   
   ### Expected results
   
   Can add a database
   
   ### Actual results
   
   I cannot add a database
   
   ### Environment
   
   docker image `apache/superset:latest-dev`
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] jhult commented on issue #17825: Can't add a database when using OIDC (Keycloak)

Posted by GitBox <gi...@apache.org>.

jhult commented on issue #17825:
URL: https://github.com/apache/superset/issues/17825#issuecomment-1003487805


   @manodupont, copy/paste this class: `OIDCSecurityManager` (`from keycloack_security_manager`). Also, FYI, `keycloack_security_manager` has a typo.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] manodupont edited a comment on issue #17825: Can't add a database when using OIDC (Keycloak)

Posted by GitBox <gi...@apache.org>.

manodupont edited a comment on issue #17825:
URL: https://github.com/apache/superset/issues/17825#issuecomment-998851391


   Well yes i do understand. I  think this is the probleme cause even though I force the user logged to be "Admin" it still shows as "Gamma" when I am logged in, in the user profile.
   
   So, i mean, any information on how role works and how I can map roles into my SecurityManager would be appreciated.
   
   Right now my superset_config.py looks like this : 
   ```
   ...
   from keycloack_security_manager  import  OIDCSecurityManager
   from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, AUTH_LDAP, AUTH_OAUTH
   import os
   
   #---------------------------KEYCLOACK ----------------------------
   
   curr  =  os.path.abspath(os.getcwd())
   AUTH_TYPE = AUTH_OID
   SECRET_KEY: 'SomethingNotEntirelySecret'
   OIDC_CLIENT_SECRETS =  curr + '/docker/pythonpath_dev/client_secrets.json'
   OIDC_ID_TOKEN_COOKIE_SECURE = False
   OIDC_REQUIRE_VERIFIED_EMAIL = False
   OIDC_OPENID_REALM: 'portal-cockpit'
   OIDC_INTROSPECTION_AUTH_METHOD: 'client_secret_post'
   CUSTOM_SECURITY_MANAGER = OIDCSecurityManager
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = 'Admin'
   
   #--------------------------------------------------------------
   ...
   ```
   
   So i thought that `AUTH_USER_REGISTRATION_ROLE = 'Admin'` would set anything to "Admin" but it doesn't seem to work.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] manodupont commented on issue #17825: Can't add a database when using OIDC (Keycloak)

Posted by GitBox <gi...@apache.org>.

manodupont commented on issue #17825:
URL: https://github.com/apache/superset/issues/17825#issuecomment-998851391


   Well yes i do understand. I  think this is the probleme cause even though I force the user logged to be "Admin" it still shows as "Gamma" when I am logged in, in the user profile.
   
   So, i mean, any information on how role works and how I can map roles into my SecurityManager would be appreciated.
   
   Right now my superset_config.py looks like this : 
   ```
   ...
   from keycloack_security_manager  import  OIDCSecurityManager
   from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, AUTH_LDAP, AUTH_OAUTH
   import os
   
   #---------------------------KEYCLOACK ----------------------------
   
   curr  =  os.path.abspath(os.getcwd())
   AUTH_TYPE = AUTH_OID
   SECRET_KEY: 'SomethingNotEntirelySecret'
   OIDC_CLIENT_SECRETS =  curr + '/docker/pythonpath_dev/client_secrets.json'
   OIDC_ID_TOKEN_COOKIE_SECURE = False
   OIDC_REQUIRE_VERIFIED_EMAIL = False
   OIDC_OPENID_REALM: 'portal-cockpit'
   OIDC_INTROSPECTION_AUTH_METHOD: 'client_secret_post'
   CUSTOM_SECURITY_MANAGER = OIDCSecurityManager
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = 'Admin'
   
   #--------------------------------------------------------------
   ...```
   
   So i thought that `AUTH_USER_REGISTRATION_ROLE = 'Admin'` would set anything to "Admin" but it doesn't seem to work.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] srinify commented on issue #17825: Can't add a database when using OIDC (Keycloak)

Posted by GitBox <gi...@apache.org>.

srinify commented on issue #17825:
URL: https://github.com/apache/superset/issues/17825#issuecomment-998816349


   This usually happens when you're logged into a `role` in Superset that doesn't have access / permissions to add database. I've never used Keycloak but this is the surface area that I would attempt to debug. What roles have you created in Superset, which one are you logged in as right now, etc.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org