
Invalid login. Please try again. When I try to configure SSO using Zitadel and Superset

Open resulraveendran opened this issue 1 year ago • 2 comments

Hi,

When I try to configure SSO using Zitadel and Superset by referring to this document, https://superset.apache.org/docs/installation/configuring-superset#custom-oauth2-configuration, I get this issue: "Invalid login. Please try again." when I click the login button. First I got the login page of Zitadel, and after that I was redirected to Superset. From there I got this issue.

From superset app

ERROR:flask_appbuilder.security.views:Error returning OAuth user info: 'Response' object has no attribute 'data'

my superset_config.py is

from flask_appbuilder.security.manager import AUTH_OAUTH
from custom_sso_security_manager import CustomSsoSecurityManager


# Set the authentication type to OAuth
AUTH_TYPE = AUTH_OAUTH

OAUTH_PROVIDERS = [
    {   'name':'drhSSO',
        'token_key': "access_token", # Name of the token in the response of access_token_url
        'icon':'fa-address-card',   # Icon for the provider
        'remote_app': {
            'client_id':'2628489275@drh-admin',  # Client Id (Identify Superset application)
            'client_secret':'USC5otaTy4Grm6jDMjhKbH', # Secret for this Client Id (Identify Superset application)
            'client_kwargs':{
                'scope': 'openid  profile'               # Scope for the Authorization
            },
            'access_token_method':'POST',    # HTTP Method to call access_token_url
            'access_token_params':{        # Additional parameters for calls to access_token_url
                'client_id':'USC5otaTy4GrMdxym6jDMjhKbH'
            },
            'jwks_uri':'https://idi.drective.com/oauth/v2/keys', # may be required to generate token
            'access_token_headers':{    # Additional headers for calls to access_token_url
                'Authorization': 'Basic MjYyODQ4OTk0NjIxODc4Mjc1QGRyaC1hZG1pblVTQzVvdGFUeTRHck02c29DN1hyZG1XcFdodlF3dGx2Znl4aXpCVEpLT3RXY0doUm96Y2R4eW02akRNamhLYkg='
            },
            'api_base_url':'https://idi.drective.com/oauth/v2',
            'access_token_url':'https://idi.drective.com/oauth/v2/token',
            'authorize_url':'https://idi.drective.com/oauth/v2/authorize',
            'redirect_uri':'https://ss.drh.diabetestechnology.org/oauth-authorized/drhSSO'

        }
    }
]

# Will allow user self registration, allowing to create Flask users from Authorized User
AUTH_USER_REGISTRATION = True

# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Public"

CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager

and my custom_sso_security_manager.py file is

import logging
from superset.security import SupersetSecurityManager

class CustomSsoSecurityManager(SupersetSecurityManager):

    def oauth_user_info(self, provider, response=None):
        logging.debug("Oauth2 provider: {0}.".format(provider))
        if provider == 'drhSSO':
            # As example, this line request a GET to base_url + '/' + userDetails with Bearer  Authentication,
            # and expects that authorization server checks the token, and response with user details
            me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
            logging.debug("user_data: {0}".format(me))
            return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name':'', 'last_name':''}
    ...

Please give me a solution for this or any suggestion to resolve the issue.

resulraveendran avatar Apr 17 '24 13:04 resulraveendran

Hi @resulraveendran, did you get the solution? I am also facing the same issue while integrating Microsoft SSO. You can see my full issue on this link

khushal786 avatar Oct 16 '24 10:10 khushal786

  import logging
  from superset.security import SupersetSecurityManager
  
  class CustomSsoSecurityManager(SupersetSecurityManager):

      def oauth_user_info(self, provider, response=None):
          logging.debug("Oauth2 provider: {0}.".format(provider))
          if provider == 'drhSSO':
              # As example, this line request a GET to base_url + '/' + userDetails with Bearer  Authentication,
              # and expects that authorization server checks the token, and response with user details
              me = self.appbuilder.sm.oauth_remotes[provider].get('userDetails').data
              logging.debug("user_data: {0}".format(me))
              return { 'name' : me['name'], 'email' : me['email'], 'id' : me['user_name'], 'username' : me['user_name'], 'first_name':'', 'last_name':''}
      ...

In this you need to use (in my case I'm using email for checking)

user = self.find_user(email=data['mail'])

login_user(user, remember=False)

user_info = {
    'name' : user['name'],
    'email' : user['email'],
    'id' : user['id'],
    'username' : user['username'],
    'first_name': user['first_name'],
    'last_name': user['last_name'],
    # 'role': user['role']
}

return user_info

data is from Azure Entra Get me

But unfortunately I'm still having the issue "Invalid login. Please try again.", but it still works like the login was successful. Any advice?

quanngo avatar Oct 17 '24 04:10 quanngo

We're having the same issue here

Edit: My issue was that the original admin user had the same email as my oauth user and there were no logs. I changed the email of the admin and all went smooth.

zeapo avatar Feb 05 '25 20:02 zeapo

@khushal786 Have you found any solution?

devyash786 avatar Mar 28 '25 07:03 devyash786
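
An added example (not code from this issue or from Superset) covering the two failure points the thread names: the `.data` access that raises on a requests-style response object, which exposes `.json()` instead, and the e-mail collision zeapo reports. It assumes the provider returns standard OIDC userinfo claims, where `email` belongs to the `email` scope (the posted config requests only `openid profile`); `userinfo_to_fab`, `email_conflict`, `UserInfoError` and `FakeResponse` are hypothetical names.

```python
class UserInfoError(Exception):
    """Raised when the userinfo response cannot be turned into a user dict."""

def userinfo_to_fab(resp):
    """Map an OIDC userinfo response to the dict oauth_user_info() returns.

    `resp` is a requests-style response: it has .status_code and .json(),
    but no .data attribute, which is what the logged error complains about.
    """
    if resp.status_code != 200:
        raise UserInfoError(f"userinfo returned HTTP {resp.status_code}")
    claims = resp.json()
    # Fail with a clear message instead of a KeyError swallowed into
    # "Invalid login": 'email' is absent if the 'email' scope was not requested.
    missing = [c for c in ("sub", "email") if not claims.get(c)]
    if missing:
        raise UserInfoError(f"userinfo is missing claims: {missing}")
    return {
        "id": claims["sub"],
        "username": claims.get("preferred_username") or claims["email"],
        "email": claims["email"],
        "name": claims.get("name", ""),
        "first_name": claims.get("given_name", ""),
        "last_name": claims.get("family_name", ""),
    }

def email_conflict(userinfo, existing_users):
    """Return the existing username that already owns this e-mail under a
    different username (the situation zeapo describes), else None.
    `existing_users` is an iterable of (username, email) pairs."""
    wanted = userinfo["email"].lower()
    for username, email in existing_users:
        if email.lower() == wanted and username != userinfo["username"]:
            return username
    return None

class FakeResponse:
    """Constructed stand-in for the HTTP response so the example runs offline."""
    def __init__(self, status_code, payload):
        self.status_code, self._payload = status_code, payload
    def json(self):
        return self._payload

# Constructed sample claims; placeholder values, not taken from the issue.
SAMPLE = FakeResponse(200, {"sub": "1001", "email": "jane@example.com",
                            "preferred_username": "jane", "name": "Jane Doe",
                            "given_name": "Jane", "family_name": "Doe"})
```

Inside `oauth_user_info`, the object returned by `self.appbuilder.sm.oauth_remotes[provider].get(...)` would be what is passed to `userinfo_to_fab`.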