Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ################ Файл superset_config.py
- from custom_sso_security_manager import CustomSsoSecurityManager
- CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
- ###### OAUTH AUTH
- AUTH_TYPE = AUTH_OAUTH
- AUTH_USER_REGISTRATION = True
- AUTH_USER_REGISTRATION_ROLE = "ReportViewOnly"
- AUTH_ROLES_SYNC_AT_LOGIN = True
- AUTH_ROLES_MAPPING = {
- "Users": ["ReportViewOnly"],
- "Admins": ["Admin"],
- "Gamma": ["Gamma"],
- }
- OAUTH_PROVIDERS = [
- {
- 'name': 'adfs',
- 'icon': 'fa-key',
- 'token_key': 'access_token',
- 'remote_app': {
- 'client_id': 'client_id',
- 'client_secret': 'client_secret',
- 'api_base_url': 'https://ouath/',
- 'client_kwargs':{
- 'scope': 'profile'
- },
- 'request_token_url': None,
- 'access_token_url': 'https://ouath/adfs/oauth2/token',
- 'authorize_url': 'https://ouath/adfs/oauth2/authorize'
- }
- }]
- ################ Файл custom_sso_security_manager.py там же где и superset_config.py
- import logging
- import requests
- import jwt
- from superset.security import SupersetSecurityManager
- class CustomSsoSecurityManager(SupersetSecurityManager):
- def oauth_user_info(self, provider, response=None):
- logging.debug("Oauth2 provider: {0}.".format(provider))
- if provider == "adfs":
- access_token = response["access_token"]
- # logging.debug("АААааа! Токен: {0}".format(access_token))
- decoded = jwt.decode(access_token, options={"verify_signature": False})
- # decoded = jwt.decode(access_token, verify=False)
- logging.debug("Свойства AD: {0}".format(decoded))
- return {
- "email": decoded["email"],
- # "id": user_data["login"],
- "username": decoded["login"],
- "first_name": decoded["firstName"],
- "last_name": decoded["lastName"],
- "role_keys": decoded["roles"],
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement