You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/02/04 10:45:18 UTC

[GitHub] [superset] saultawil opened a new issue #12939: How can I bypass unnecessary sign-in page when using SSO with OAUTH2?

saultawil opened a new issue #12939:
URL: https://github.com/apache/superset/issues/12939


   I set up SSO login for Superset successfully by setting up the config file to use OAUTH2 login and integrating it with OKTA SSO service. However the redirect uri http://[site]:8088/oauth-authorized/okta that needs to be configured for Flask Application Builder to work redirects to a Superset sign-in page where the user needs to choose a provider and click sign-in. This is an unnecessary step since there is only one provider and the user already logged into OKTA SSO provider and should not need to sign-in or login again.
   
   Is there any way to bypass this redundant sign-in page which my users find confusing and sometimes get stuck on. If there is no way to bypass it can someone tell me how I can customize the login page to instruct users how to use it?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] vishnuvardhan-kumar removed a comment on issue #12939: How can I bypass unnecessary sign-in page when using SSO with OAUTH2?

Posted by GitBox <gi...@apache.org>.

vishnuvardhan-kumar removed a comment on issue #12939:
URL: https://github.com/apache/superset/issues/12939#issuecomment-779865582


   @saultawil Can you share the configuration that you used to integrate Okta with Superset? I'm stuck with a 400 Bad Request page with each /authorize request.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] Jimmy-Newtron commented on issue #12939: How can I bypass unnecessary sign-in page when using SSO with OAUTH2?

Posted by GitBox <gi...@apache.org>.

Jimmy-Newtron commented on issue #12939:
URL: https://github.com/apache/superset/issues/12939#issuecomment-820685788


   > I set up SSO login for Superset successfully by setting up the config file to use OAUTH2 login and integrating it with OKTA SSO service. However the redirect uri http://[site]:8088/oauth-authorized/okta that needs to be configured for Flask Application Builder to work redirects to a Superset sign-in page where the user needs to choose a provider and click sign-in. This is an unnecessary step since there is only one provider and the user already logged into OKTA SSO provider and should not need to sign-in or login again.
   > 
   > Is there any way to bypass this redundant sign-in page which my users find confusing and sometimes get stuck on. If there is no way to bypass it can someone tell me how I can customize the login page to instruct users how to use it?
   
   In fact you have the possibility to override the login/logout endpoints by the creation of a custom View class that will replace the default sign in page
   
   You can have a look at the example in the discussion https://github.com/apache/superset/discussions/13915#discussioncomment-558709
   
   The only difference is that you have to assign your class to `self.authoauthview` variable
   
   If I am not clear I can share more information about it


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] amitmiran137 closed issue #12939: How can I bypass unnecessary sign-in page when using SSO with OAUTH2?

Posted by GitBox <gi...@apache.org>.

amitmiran137 closed issue #12939:
URL: https://github.com/apache/superset/issues/12939


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] shawnzhu commented on issue #12939: How can I bypass unnecessary sign-in page when using SSO with OAUTH2?

Posted by GitBox <gi...@apache.org>.

shawnzhu commented on issue #12939:
URL: https://github.com/apache/superset/issues/12939#issuecomment-916508586


   when using Flask AppBuilder v3.3.1+, the feature [OAuth - redirect direct to provider if just one provider exists](https://github.com/dpgaspar/Flask-AppBuilder/pull/1618)
   
   Under Superset 1.3.0 with Flask AppBuilder v3.3.1, if there is only one oauth auth provider, it will redirect user to this auth provider's login page automatically.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] vishnuvardhan-kumar commented on issue #12939: How can I bypass unnecessary sign-in page when using SSO with OAUTH2?

Posted by GitBox <gi...@apache.org>.

vishnuvardhan-kumar commented on issue #12939:
URL: https://github.com/apache/superset/issues/12939#issuecomment-779865582


   @saultawil Can you share the configuration that you used to integrate Okta with Superset? I'm stuck with a 400 Bad Request page with each /authorize request.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] vinit2580 commented on issue #12939: How can I bypass unnecessary sign-in page when using SSO with OAUTH2?

Posted by GitBox <gi...@apache.org>.

vinit2580 commented on issue #12939:
URL: https://github.com/apache/superset/issues/12939#issuecomment-818734550


   @saultawil - Are you able to login using OKTA SSO ? Can you help me. I am having below configuration for okta sso but after authentication. It redirects to login page again with message 'Invalid login. Please try again'
   
   OAUTH_PROVIDERS = [
          {'name': 'okta', 'icon': 'fa-circle-o',
           'token_key': 'access_token',
           'remote_app': {
               'client_id': '0oa8hoe9t1c8LxBxdxz357',
               'client_secret': 'b8exxJID0BQOXlvMlua5To5frU4OY7FX3cXDOMLM',
               'api_base_url': 'https://dev-514411.okta.com/oauth2/v1/',
               'client_kwargs': {
                   'scope': 'openid profile email groups'
               },
               'access_token_url': 'https://dev-514411.okta.com/oauth2/v1/token',
               'authorize_url': 'https://dev-514411.okta.com/oauth2/v1/authorize'
             }
           }
   ]
   
   ![image](https://user-images.githubusercontent.com/30068633/114559923-d69d0780-9c89-11eb-92ba-3731c86fb8d0.png)
   ![image](https://user-images.githubusercontent.com/30068633/114560009-e9afd780-9c89-11eb-8336-16a3acf8520a.png)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org