Invalid login issue when implementing SSO in Superset

Question (Votes: 0, Answers: 1)

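I am running Superset on an AWS EC2 instance using docker compose. When I run docker compose up, the server starts and I can see that it is running. I have also configured Microsoft SSO for logging in to Superset.

So the flow should be: the user arrives at Superset's login page, enters their Microsoft credentials, is authenticated, and is redirected into Superset.

But in my case, it authenticates the user, redirects back to the login page, and shows "Invalid login. Please try again."

Meanwhile, my superset_app container logs show werkzeug.exceptions.NotFound: 404 Not Found: The requested URL was not found on the server.

The link is an image of my Superset logs.

Here is the superset_config.py file: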

import logging
import os

from celery.schedules import crontab
from flask_caching.backends.filesystemcache import FileSystemCache

logger = logging.getLogger()

DATABASE_DIALECT = os.getenv("DATABASE_DIALECT")
DATABASE_USER = os.getenv("DATABASE_USER")
DATABASE_PASSWORD = os.getenv("DATABASE_PASSWORD")
DATABASE_HOST = os.getenv("DATABASE_HOST")
DATABASE_PORT = os.getenv("DATABASE_PORT")
DATABASE_DB = os.getenv("DATABASE_DB")

EXAMPLES_USER = os.getenv("EXAMPLES_USER")
EXAMPLES_PASSWORD = os.getenv("EXAMPLES_PASSWORD")
EXAMPLES_HOST = os.getenv("EXAMPLES_HOST")
EXAMPLES_PORT = os.getenv("EXAMPLES_PORT")
EXAMPLES_DB = os.getenv("EXAMPLES_DB")

# The SQLAlchemy connection string.
SQLALCHEMY_DATABASE_URI = (
    f"{DATABASE_DIALECT}://"
    f"{DATABASE_USER}:{DATABASE_PASSWORD}@"
    f"{DATABASE_HOST}:{DATABASE_PORT}/{DATABASE_DB}"
)

SQLALCHEMY_EXAMPLES_URI = (
    f"{DATABASE_DIALECT}://"
    f"{EXAMPLES_USER}:{EXAMPLES_PASSWORD}@"
    f"{EXAMPLES_HOST}:{EXAMPLES_PORT}/{EXAMPLES_DB}"
)

REDIS_HOST = os.getenv("REDIS_HOST", "redis")
REDIS_PORT = os.getenv("REDIS_PORT", "6379")
REDIS_CELERY_DB = os.getenv("REDIS_CELERY_DB", "0")
REDIS_RESULTS_DB = os.getenv("REDIS_RESULTS_DB", "1")

RESULTS_BACKEND = FileSystemCache("/app/superset_home/sqllab")

CACHE_CONFIG = {
    "CACHE_TYPE": "RedisCache",
    "CACHE_DEFAULT_TIMEOUT": 300,
    "CACHE_KEY_PREFIX": "superset_",
    "CACHE_REDIS_HOST": REDIS_HOST,
    "CACHE_REDIS_PORT": REDIS_PORT,
    "CACHE_REDIS_DB": REDIS_RESULTS_DB,
}
DATA_CACHE_CONFIG = CACHE_CONFIG


class CeleryConfig:
    broker_url = f"redis://{REDIS_HOST}:{REDIS_PORT}/{REDIS_CELERY_DB}"
    imports = (
        "superset.sql_lab",
        "superset.tasks.scheduler",
        "superset.tasks.thumbnails",
        "superset.tasks.cache",
    )
    result_backend = f"redis://{REDIS_HOST}:{REDIS_PORT}/{REDIS_RESULTS_DB}"
    worker_prefetch_multiplier = 1
    task_acks_late = False
    beat_schedule = {
        "reports.scheduler": {
            "task": "reports.scheduler",
            "schedule": crontab(minute="*", hour="*"),
        },
        "reports.prune_log": {
            "task": "reports.prune_log",
            "schedule": crontab(minute=10, hour=0),
        },
    }


CELERY_CONFIG = CeleryConfig

FEATURE_FLAGS = {"ALERT_REPORTS": True}
ALERT_REPORTS_NOTIFICATION_DRY_RUN = True
# When using docker compose baseurl should be http://superset_app:8088/
# The base URL for the email report hyperlinks.
SQLLAB_CTAS_NO_LIMIT = True

#
# Optionally import superset_config_docker.py (which will have been included on
# the PYTHONPATH) in order to allow for local settings to be overridden
#
try:
    import superset_config_docker
    from superset_config_docker import *  # noqa

    logger.info(
        f"Loaded your Docker configuration at " f"[{superset_config_docker.__file__}]"
    )
except ImportError:
    logger.info("Using default Docker config...")

# Ensure you are using HTTPS
ENABLE_PROXY_FIX = True
PREFERRED_URL_SCHEME = 'https'
SESSION_COOKIE_HTTPONLY = "Lax"

#SSO Login
from flask_appbuilder.security.manager import AUTH_OAUTH
from custom_sso_security_manager import CustomSsoSecurityManager

# Set the authentication type to OAuth
AUTH_TYPE = AUTH_OAUTH

# Will allow user self registration, allowing to create Flask users from Authorized User
AUTH_USER_REGISTRATION = True

# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Public"
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager

OAUTH_PROVIDERS = [{
   'name': 'SSO',
   'token_key': 'access_token',
   'icon': 'fa-windows',
   'remote_app':{
        'api_base_url': 'https://login.microsoft.com/tenant_id/oauth2',
        'request_token_url': None,
        'request_token_params': {
                'scope': 'openid profile email'
        },
        'access_token_url': 'https://login.microsoftonline.com/tenant_id/oauth2/v2.0/token',
        'acess_token_params':{
                'scope': 'openid profile email'
        },
        'authorize_url': 'https://login.microsoftonline.com/tenant_id/oauth2/v2.0/authorize',
        'authorize_params':{
                'scope': 'openid profile email'
        },
        'client_id': 'client-id(application-id)',
        'client_secret': 'secret-key',
        'jwks_uri': 'https://login.microsoftonline.com/common/discovery/v2.0/keys',
        'redirect_uri': 'https://superset.domain.com/oauth-authorize/callback'
   }
}]

OAUTH_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'

from flask_appbuilder.security.manager import AUTH_OAUTH

def get_oauth_user_info(response):
    user_info = response.json()

    # Assign role based on domain
    if user_info['mail'].endswith('@domain.com'):
        return {
            'role': 'Admin',
            'user_info': user_info
        }
    else:
        return {
            'role': 'Public',
            'user_info': user_info
        }

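So I tried various steps, such as:

  1. Checking my application (client) ID
  2. Checking my secret key
  3. Checking the configuration file.

Eventually I found that this is an open issue on Superset's GitHub repo, and I also tried the solutions suggested in the comments.

I followed all the steps, as well as the docker-compose.yaml code in the official documentation, but no luck.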

python docker single-sign-on apache-superset
1 Answer

0 votes

You need to follow the instructions at https://superset.apache.org/docs/configuration/configuring-superset/#custom-oauth2-configuration

I needed to do more customization in the CustomSsoSecurityManager function. You have to check the user with self.find_user and then log in with login_user.
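
Added example (not part of the question or the answer, and not Superset's own code): the question's `get_oauth_user_info` calls `user_info['mail'].endswith(...)` directly, but Microsoft Graph returns `"mail": null` for accounts without a mailbox. The sketch below maps a Graph `/v1.0/me` payload to the kind of dict a custom `oauth_user_info` override returns, with a least-privilege default; the function names, `ADMIN_DOMAIN`, the role keys and the sample payloads are assumptions made for illustration.

```python
# Added example: graph_me_to_userinfo, email_domain, ADMIN_DOMAIN and the
# role keys are illustrative assumptions, not Superset/Flask-AppBuilder names.
ADMIN_DOMAIN = "domain.com"  # placeholder taken from the question's config


def email_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    if not isinstance(address, str) or address.count("@") != 1:
        return None
    local, domain = address.strip().split("@")
    if not local or not domain:
        return None
    return domain.lower()


def graph_me_to_userinfo(me, admin_domain=ADMIN_DOMAIN):
    """Map a Microsoft Graph /v1.0/me payload to a user-info dict.

    Raises ValueError (not KeyError/AttributeError) so the caller can log a
    clear reason when a login is rejected.
    """
    # Graph returns "mail": null for accounts without a mailbox; fall back
    # to userPrincipalName instead of calling .endswith() on None.
    email = me.get("mail") or me.get("userPrincipalName")
    domain = email_domain(email)
    if domain is None or not me.get("id"):
        raise ValueError("Graph response lacks a usable id or e-mail")

    # Exact, case-insensitive domain comparison; default is least privilege.
    role_key = "admin" if domain == admin_domain.lower() else "public"
    return {
        "username": me["id"],  # stable object id, not the mutable address
        "email": email.strip().lower(),
        "first_name": me.get("givenName") or "",
        "last_name": me.get("surname") or "",
        "role_keys": [role_key],
    }


# Constructed sample payloads (not real accounts).
SAMPLE_WITH_MAIL = {"id": "0001", "givenName": "Ana", "surname": "Ruiz",
                    "mail": "Ana.Ruiz@Domain.com",
                    "userPrincipalName": "ana.ruiz@domain.com"}
SAMPLE_NULL_MAIL = {"id": "0002", "givenName": "Bo", "surname": None,
                    "mail": None,
                    "userPrincipalName": "bo@partner.example"}
```

In Flask-AppBuilder, `role_keys` only affects the user's roles when `AUTH_ROLES_MAPPING` maps those keys to role names and `AUTH_ROLES_SYNC_AT_LOGIN` is enabled.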
