
Using KeyCloak(OpenID Connect) with Apache SuperSet


I ended up figuring it out myself.

The solution I ended up with does not make use of a FAB add-on, but you also don't have to edit existing code/files.

I've renamed the manager.py file to security.py, and it now looks like this:

```python
from flask import redirect, request
from flask_appbuilder.security.manager import AUTH_OID
from superset.security import SupersetSecurityManager
from flask_oidc import OpenIDConnect
from flask_appbuilder.security.views import AuthOIDView
from flask_login import login_user
from urllib.parse import quote
from flask_appbuilder.views import ModelView, SimpleFormView, expose
import logging


class AuthOIDCView(AuthOIDView):

    @expose('/login/', methods=['GET', 'POST'])
    def login(self, flag=True):
        sm = self.appbuilder.sm
        oidc = sm.oid

        # require_login sends unauthenticated visitors to the OIDC provider
        @self.appbuilder.sm.oid.require_login
        def handle_login():
            # Look up the Superset user by the e-mail claim
            user = sm.auth_user_oid(oidc.user_getfield('email'))

            if user is None:
                # First login: create the user with the 'Gamma' role
                info = oidc.user_getinfo(['preferred_username', 'given_name', 'family_name', 'email'])
                user = sm.add_user(info.get('preferred_username'), info.get('given_name'), info.get('family_name'), info.get('email'), sm.find_role('Gamma'))

            login_user(user, remember=False)
            return redirect(self.appbuilder.get_url_for_index)

        return handle_login()

    @expose('/logout/', methods=['GET', 'POST'])
    def logout(self):
        oidc = self.appbuilder.sm.oid

        # Clear the local OIDC state and the Superset session
        oidc.logout()
        super(AuthOIDCView, self).logout()
        redirect_url = request.url_root.strip('/') + self.appbuilder.get_url_for_login

        # End the Keycloak session too, then return to the login page
        return redirect(oidc.client_secrets.get('issuer') + '/protocol/openid-connect/logout?redirect_uri=' + quote(redirect_url))


class OIDCSecurityManager(SupersetSecurityManager):
    authoidview = AuthOIDCView

    def __init__(self, appbuilder):
        super(OIDCSecurityManager, self).__init__(appbuilder)
        if self.auth_type == AUTH_OID:
            self.oid = OpenIDConnect(self.appbuilder.get_app)
```

I place the security.py file next to my superset_config.py file.

The JSON configuration file stays unchanged.

Then I've changed the superset_config.py file to include the following lines:

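```python
from flask_appbuilder.security.manager import AUTH_OID  # needed for AUTH_TYPE below
from security import OIDCSecurityManager

AUTH_TYPE = AUTH_OID
# Placeholder: replace with the path to the JSON configuration file
OIDC_CLIENT_SECRETS = '<path_to_configuration_file>'
OIDC_ID_TOKEN_COOKIE_SECURE = False
OIDC_REQUIRE_VERIFIED_EMAIL = False
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Gamma'
CUSTOM_SECURITY_MANAGER = OIDCSecurityManager
```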

That's it.

Now when I navigate to my site, it automatically goes to the KeyCloak login screen, and upon successful sign in I am redirected back to my application.
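
The login view in this answer finds and creates Superset users by the `email` claim while the config sets `OIDC_REQUIRE_VERIFIED_EMAIL = False`, so an address the identity provider never verified is enough to match an existing account. The following is an added example, not part of the original answer, of gating that lookup on the standard OIDC `email_verified` claim; `decide_login`, the sample claims and the in-memory set standing in for the Superset user table are hypothetical.

```python
from typing import Mapping, Optional, Set, Tuple

# Claims the login view in the answer reads before it can find or create a user.
REQUIRED_CLAIMS = ("preferred_username", "email")


def decide_login(claims: Mapping[str, object], known_emails: Set[str],
                 require_verified_email: bool = True) -> Tuple[str, Optional[str]]:
    """Return (action, detail); action is 'login', 'provision' or 'reject'."""
    missing = [c for c in REQUIRED_CLAIMS if not claims.get(c)]
    if missing:
        return "reject", "missing claim: " + ", ".join(missing)

    email = str(claims["email"]).strip()

    # Only a literal boolean True counts as verified. An absent claim or a
    # string such as "false" must not pass.
    if require_verified_email and claims.get("email_verified") is not True:
        return "reject", "email not verified by the identity provider"

    if email in known_emails:
        return "login", email      # existing account matched by e-mail
    return "provision", email      # first login: create with the default role


# Constructed sample data (not taken from a real Keycloak realm).
KNOWN_EMAILS = {"alice@example.com"}
VERIFIED = {"preferred_username": "alice", "email": "alice@example.com",
            "email_verified": True}
UNVERIFIED = {"preferred_username": "mallory", "email": "alice@example.com",
              "email_verified": False}
NEW_USER = {"preferred_username": "bob", "email": "bob@example.com",
            "email_verified": True}
NO_EMAIL = {"preferred_username": "carol"}

if __name__ == "__main__":
    for name, claims in [("verified", VERIFIED), ("unverified", UNVERIFIED),
                         ("new", NEW_USER), ("no_email", NO_EMAIL)]:
        print(name, decide_login(claims, KNOWN_EMAILS))
    # Same unverified claims with the check switched off, as in the posted config.
    print("check off", decide_login(UNVERIFIED, KNOWN_EMAILS, False))
```
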