Using KeyCloak(OpenID Connect) with Apache SuperSet
I ended up figuring it out myself.
The solution I ended up with does not make use of a FAB add-on, but you also don't have to edit existing code/files.
I've renamed the manager.py file to security.py, and it now looks like this:
from flask import redirect, requestfrom flask_appbuilder.security.manager import AUTH_OIDfrom superset.security import SupersetSecurityManagerfrom flask_oidc import OpenIDConnectfrom flask_appbuilder.security.views import AuthOIDViewfrom flask_login import login_userfrom urllib.parse import quotefrom flask_appbuilder.views import ModelView, SimpleFormView, exposeimport loggingclass AuthOIDCView(AuthOIDView): @expose('/login/', methods=['GET', 'POST']) def login(self, flag=True): sm = self.appbuilder.sm oidc = sm.oid @self.appbuilder.sm.oid.require_login def handle_login(): user = sm.auth_user_oid(oidc.user_getfield('email')) if user is None: info = oidc.user_getinfo(['preferred_username', 'given_name', 'family_name', 'email']) user = sm.add_user(info.get('preferred_username'), info.get('given_name'), info.get('family_name'), info.get('email'), sm.find_role('Gamma')) login_user(user, remember=False) return redirect(self.appbuilder.get_url_for_index) return handle_login() @expose('/logout/', methods=['GET', 'POST']) def logout(self): oidc = self.appbuilder.sm.oid oidc.logout() super(AuthOIDCView, self).logout() redirect_url = request.url_root.strip('/') + self.appbuilder.get_url_for_login return redirect(oidc.client_secrets.get('issuer') + '/protocol/openid-connect/logout?redirect_uri=' + quote(redirect_url))class OIDCSecurityManager(SupersetSecurityManager): authoidview = AuthOIDCView def __init__(self,appbuilder): super(OIDCSecurityManager, self).__init__(appbuilder) if self.auth_type == AUTH_OID: self.oid = OpenIDConnect(self.appbuilder.get_app)
I place the security.py file next to my superset_config_py file.
The JSON configuration file stays unchanged.
Then I've changed the superset_config.py file to include the following lines:
from security import OIDCSecurityManagerAUTH_TYPE = AUTH_OIDOIDC_CLIENT_SECRETS = <path_to_configuration_file>OIDC_ID_TOKEN_COOKIE_SECURE = FalseOIDC_REQUIRE_VERIFIED_EMAIL = FalseAUTH_USER_REGISTRATION = TrueAUTH_USER_REGISTRATION_ROLE = 'Gamma'CUSTOM_SECURITY_MANAGER = OIDCSecurityManager
That's it.
Now when I navigate to my site, it automatically goes to the KeyCloak login screen, and upon successful sign in I am redirected back to my application.