我正在尝试将 Okta 集成到 Apache Superset,但它没有按预期工作。
当我尝试使用 Okta 登录时,我看到一个登录屏幕,上面提示:"The request to sign in was denied."
Superset 的日志不显示有关尝试授权的任何错误或日志。
我的 superset_config.py 的相关部分是:
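# Okta login configuration.
# Self-registration is enabled, and a newly registered account starts with the
# low-privilege "Public" role.
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Public"
# The OAuth endpoint URLs further down are built by appending a path to this
# value, so it has to include the scheme: a bare host name produces URLs that
# are not absolute. https also keeps the client secret and the tokens off
# cleartext transport.
OKTA_BASE_URL = "https://my_url.okta.com"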
# Select OAuth as the authentication method.
AUTH_TYPE = AUTH_OAUTH
# The client credentials come from the environment, which keeps the secret out
# of this file. Both values are None when the variable is unset, so a missing
# variable only shows up later, during the OAuth exchange.
OKTA_CLIENT_ID = os.getenv("OKTA_CLIENT_ID")
OKTA_CLIENT_SECRET = os.getenv("OKTA_CLIENT_SECRET")
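class CustomSsoSecurityManager(SupersetSecurityManager):
    """Security manager that builds the user record from the OAuth ID token."""

    def oauth_user_info(self, provider, response=None):
        """Return the user attributes for a completed OAuth login.

        Args:
            provider: Name of the OAuth provider that handled the login. It is
                compared with the "name" of the OAUTH_PROVIDERS entry
                ("my_company_name" in this file), not with the vendor name.
            response: Token response passed on to ``parse_id_token``.

        Returns:
            A dict with ``name``, ``email``, ``id``, ``username`` and
            ``role_keys`` for the configured provider, or ``None`` for any
            other provider.
        """
        if provider != "my_company_name":
            return None

        # NOTE(review): the signature of parse_id_token differs between Authlib
        # releases (newer ones appear to expect a nonce argument) -- confirm
        # against the installed version; a failure here aborts the sign-in.
        user_info = self.appbuilder.sm.oauth_remotes[provider].parse_id_token(
            response
        )
        return {
            "name": user_info["name"],
            # NOTE(review): the e-mail address doubles as account id and
            # username. An address can be reassigned at the identity provider;
            # the OIDC `sub` claim is the stable identifier -- consider it.
            "email": user_info["email"],
            "id": user_info["email"],
            "username": user_info["email"],
            # AUTH_ROLES_MAPPING is applied to "role_keys"; without this key no
            # mapping ever matches and, with AUTH_ROLES_SYNC_AT_LOGIN enabled,
            # each login leaves the user with the registration role only.
            # The "groups" scope is requested, so the claim is read when
            # present. Membership of a mapped group then decides the role,
            # including Admin.
            "role_keys": user_info.get("groups", []),
        }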
# One OAuth provider entry. Its "name" is the string that
# CustomSsoSecurityManager.oauth_user_info compares `provider` against.
OAUTH_PROVIDERS = [
    {
        "name": "my_company_name",
        "token_key": "access_token",
        "icon": "fa-circle-o",
        "remote_app": {
            "client_id": OKTA_CLIENT_ID,
            "client_secret": OKTA_CLIENT_SECRET,
            # "openid" asks for an ID token; "groups" asks for group
            # membership, which is what role mapping would be based on.
            "client_kwargs": {"scope": "openid profile email groups"},
            "access_token_method": "POST",
            # Every endpoint below is derived from OKTA_BASE_URL, which
            # therefore has to be an absolute URL including the scheme.
            "api_base_url": f"{OKTA_BASE_URL}/oauth2/v1/",
            "access_token_url": f"{OKTA_BASE_URL}/oauth2/v1/token",
            "authorize_url": f"{OKTA_BASE_URL}/oauth2/v1/authorize",
            "server_metadata_url": f"{OKTA_BASE_URL}/.well-known/openid-configuration",
        },
    }
]
# Register the custom security manager class defined above.
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
# Maps each value found in `userinfo["role_keys"]` to the list of FAB roles it
# grants. Whoever carries the "FAB_ADMINS" key receives Admin, so membership of
# that group on the identity-provider side decides who administers Superset.
AUTH_ROLES_MAPPING = {"FAB_USERS": ["User"], "FAB_ADMINS": ["Admin"]}
# True replaces ALL of the user's roles at each login; False applies the
# mapping only at registration.
AUTH_ROLES_SYNC_AT_LOGIN = True
我已经审阅了所有相关文档和其他几篇 SO 帖子。
有什么解决办法吗?我也有同样的问题