我正在 AWS EC2 实例上使用 docker compose 运行 Superset。执行 docker compose up 后,服务器启动,我可以看到它正在运行。此外,我还为 Superset 登录配置了 Microsoft SSO。
因此流程将是:用户来到 superset 的登录页面,输入经过身份验证的 Microsoft 凭据,并将其重定向到 superset 内部。
但在我的环境中,用户通过身份验证后被重定向回登录页面,并显示"无效登录。请再试一次。"
而我的 superset_app 容器日志显示:werkzeug.exceptions.NotFound: 404 Not Found:在服务器上找不到请求的 URL。
链接中是我的 Superset 日志截图。
这是 superset_config.py 文件:
import logging
import os
from celery.schedules import crontab
from flask_caching.backends.filesystemcache import FileSystemCache
# Root logger; used later in this file to report which configuration was loaded.
logger = logging.getLogger()

# Metadata-database connection settings, read from the environment.
# Each value is None when its variable is unset; nothing here validates that,
# so a missing variable ends up as the literal text "None" inside the URI.
DATABASE_DIALECT = os.environ.get("DATABASE_DIALECT")
DATABASE_USER = os.environ.get("DATABASE_USER")
DATABASE_PASSWORD = os.environ.get("DATABASE_PASSWORD")
DATABASE_HOST = os.environ.get("DATABASE_HOST")
DATABASE_PORT = os.environ.get("DATABASE_PORT")
DATABASE_DB = os.environ.get("DATABASE_DB")

# Connection settings for the examples database (same dialect as above).
EXAMPLES_USER = os.environ.get("EXAMPLES_USER")
EXAMPLES_PASSWORD = os.environ.get("EXAMPLES_PASSWORD")
EXAMPLES_HOST = os.environ.get("EXAMPLES_HOST")
EXAMPLES_PORT = os.environ.get("EXAMPLES_PORT")
EXAMPLES_DB = os.environ.get("EXAMPLES_DB")

# The SQLAlchemy connection strings.
# The user name and password are interpolated verbatim: a password containing
# URL-reserved characters (such as "@", "/" or ":") has to be percent-encoded
# before it reaches this file. Both URIs embed the password in clear text, so
# they should never be written to logs or error pages.
_URI_TEMPLATE = "{}://{}:{}@{}:{}/{}"
SQLALCHEMY_DATABASE_URI = _URI_TEMPLATE.format(
    DATABASE_DIALECT,
    DATABASE_USER,
    DATABASE_PASSWORD,
    DATABASE_HOST,
    DATABASE_PORT,
    DATABASE_DB,
)
SQLALCHEMY_EXAMPLES_URI = _URI_TEMPLATE.format(
    DATABASE_DIALECT,
    EXAMPLES_USER,
    EXAMPLES_PASSWORD,
    EXAMPLES_HOST,
    EXAMPLES_PORT,
    EXAMPLES_DB,
)
del _URI_TEMPLATE  # keep the module namespace identical to the original

# Redis location and logical database numbers, with defaults.
REDIS_HOST = os.environ.get("REDIS_HOST", "redis")
REDIS_PORT = os.environ.get("REDIS_PORT", "6379")
REDIS_CELERY_DB = os.environ.get("REDIS_CELERY_DB", "0")
REDIS_RESULTS_DB = os.environ.get("REDIS_RESULTS_DB", "1")
# Results backend kept on the local filesystem under the Superset home directory.
RESULTS_BACKEND = FileSystemCache("/app/superset_home/sqllab")

# Cache settings pointing at the Redis instance configured above.
# NOTE(review): no Redis password or TLS option is set here; presumably Redis is
# reachable only from inside the compose network - confirm before exposing it.
CACHE_CONFIG = dict(
    CACHE_TYPE="RedisCache",
    CACHE_DEFAULT_TIMEOUT=300,
    CACHE_KEY_PREFIX="superset_",
    CACHE_REDIS_HOST=REDIS_HOST,
    CACHE_REDIS_PORT=REDIS_PORT,
    CACHE_REDIS_DB=REDIS_RESULTS_DB,
)
# Bound to the very same dict object, not a copy: a change to one is seen by both.
DATA_CACHE_CONFIG = CACHE_CONFIG
class CeleryConfig:
    """Celery settings: Redis broker/result backend, task modules, beat schedule."""

    # NOTE(review): the Redis URLs carry no credentials and use plain redis://;
    # presumably the broker is only reachable inside the compose network - confirm.
    broker_url = "redis://{}:{}/{}".format(REDIS_HOST, REDIS_PORT, REDIS_CELERY_DB)
    result_backend = "redis://{}:{}/{}".format(
        REDIS_HOST, REDIS_PORT, REDIS_RESULTS_DB
    )

    # Modules listed for Celery to import.
    imports = (
        "superset.sql_lab",
        "superset.tasks.scheduler",
        "superset.tasks.thumbnails",
        "superset.tasks.cache",
    )

    worker_prefetch_multiplier = 1
    task_acks_late = False

    # Periodic tasks: the report scheduler every minute, log pruning at 00:10.
    beat_schedule = {
        "reports.scheduler": {
            "task": "reports.scheduler",
            "schedule": crontab(minute="*", hour="*"),
        },
        "reports.prune_log": {
            "task": "reports.prune_log",
            "schedule": crontab(minute=10, hour=0),
        },
    }
# Alerts & reports are switched on, but notifications stay in dry-run mode.
FEATURE_FLAGS = dict(ALERT_REPORTS=True)
ALERT_REPORTS_NOTIFICATION_DRY_RUN = True
# NOTE(review): the two comments below describe a base-URL setting that is not
# assigned anywhere in this excerpt.
# When using docker compose baseurl should be http://superset_app:8088/
# The base URL for the email report hyperlinks.
SQLLAB_CTAS_NO_LIMIT = True
# Hand the Celery settings class defined above to Superset.
CELERY_CONFIG = CeleryConfig
#
# Optionally import superset_config_docker.py (which will have been included on
# the PYTHONPATH) in order to allow for local settings to be overridden
#
# The star-import runs the override module and lets it replace any name defined
# ABOVE this point; settings assigned further down in this file are applied
# afterwards and therefore win over the override module. Whoever can place a
# superset_config_docker module on PYTHONPATH controls this configuration, so
# that location should be writable only by the deployment owner.
try:
    import superset_config_docker
    from superset_config_docker import *  # noqa
except ImportError:
    logger.info("Using default Docker config...")
else:
    logger.info(
        f"Loaded your Docker configuration at [{superset_config_docker.__file__}]"
    )
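# Ensure you are using HTTPS
# ENABLE_PROXY_FIX makes the app trust forwarded headers. Enable it only when
# every request really passes through a reverse proxy you control, because a
# client that can reach the app directly can set those headers itself.
ENABLE_PROXY_FIX = True
PREFERRED_URL_SCHEME = 'https'
# HttpOnly is a boolean flag; "Lax" is a SameSite value. The original line
# assigned "Lax" to SESSION_COOKIE_HTTPONLY, which only worked because a
# non-empty string is truthy and left SameSite unset by this file.
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = "Lax"
# NOTE(review): SESSION_COOKIE_SECURE is not set in this file. Once the site is
# confirmed to be served only over HTTPS, setting it to True keeps the session
# cookie off plain-HTTP connections.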
#SSO Login
from flask_appbuilder.security.manager import AUTH_OAUTH
from custom_sso_security_manager import CustomSsoSecurityManager
# Use the project's own security manager subclass for the SSO flow.
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
# Authenticate users through OAuth.
AUTH_TYPE = AUTH_OAUTH
# Role given to self-registered users. "Public" keeps new accounts at the
# lowest privilege until someone grants them more.
AUTH_USER_REGISTRATION_ROLE = "Public"
# Self-registration: a local user record is created for each authorized
# identity on first login.
AUTH_USER_REGISTRATION = True
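# OAuth provider definition for Microsoft sign-in.
# 'tenant_id', the client id/secret and the domain are placeholders on this page.
OAUTH_PROVIDERS = [{
    'name': 'SSO',
    'token_key': 'access_token',
    'icon': 'fa-windows',
    'remote_app': {
        # NOTE(review): this URL uses a different host (login.microsoft.com) than
        # the token/authorize URLs below, and jwks_uri uses the 'common' endpoint
        # while the others are tenant-specific - confirm which is intended.
        'api_base_url': 'https://login.microsoft.com/tenant_id/oauth2',
        'request_token_url': None,
        'request_token_params': {
            'scope': 'openid profile email'
        },
        'access_token_url': 'https://login.microsoftonline.com/tenant_id/oauth2/v2.0/token',
        # Fixed key name: the original spelled this 'acess_token_params', a key
        # the OAuth client does not recognise.
        'access_token_params': {
            'scope': 'openid profile email'
        },
        'authorize_url': 'https://login.microsoftonline.com/tenant_id/oauth2/v2.0/authorize',
        'authorize_params': {
            'scope': 'openid profile email'
        },
        'client_id': 'client-id(application-id)',
        # In a real deployment read the secret from the environment or a secret
        # store rather than committing it to this file.
        'client_secret': 'secret-key',
        'jwks_uri': 'https://login.microsoftonline.com/common/discovery/v2.0/keys',
        # NOTE(review): Flask-AppBuilder serves its OAuth callback at
        # /oauth-authorized/<provider name> (here: /oauth-authorized/SSO). The
        # path below does not match that route, so a redirect to it would end in
        # a 404 - confirm against the redirect URI registered with the provider.
        'redirect_uri': 'https://superset.domain.com/oauth-authorize/callback'
    }
}]
# Endpoint queried for the signed-in user's profile.
OAUTH_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'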
from flask_appbuilder.security.manager import AUTH_OAUTH
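def get_oauth_user_info(response):
    """Pick a role from the e-mail address in the provider's user-info reply.

    Args:
        response: object whose ``json()`` returns the user-info mapping.

    Returns:
        A dict with ``'role'`` (``'Admin'`` or ``'Public'``) and
        ``'user_info'`` (the decoded mapping, unchanged).

    NOTE(review): nothing in this file registers this function with the
    security manager; presumably CustomSsoSecurityManager is expected to call
    it - confirm.
    """
    user_info = response.json()
    # The 'mail' field can be missing or null; fail closed to the lowest role
    # instead of raising KeyError/AttributeError in the middle of a login.
    mail = user_info.get('mail')
    in_admin_domain = isinstance(mail, str) and mail.endswith('@domain.com')
    # NOTE(review): this makes every account whose mail attribute ends in the
    # domain a full administrator. Authorization is better driven by group or
    # app-role claims from the identity provider, with Admin granted explicitly.
    role = 'Admin' if in_admin_domain else 'Public'
    return {
        'role': role,
        'user_info': user_info
    }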
所以我尝试了各种步骤,例如:
最终发现这是 Superset 的 GitHub 仓库中的一个未解决问题,我也尝试了评论中提出的解决方案。
我遵循了所有步骤,也使用了官方文档中的 docker-compose.yaml 代码,但没有成功。
您需要遵循 https://superset.apache.org/docs/configuration/configuring-superset/#custom-oauth2-configuration 中的说明。
我需要在 CustomSsoSecurityManager 中进行更多自定义:您必须通过 self.find_user 检查用户,然后使用 login_user 进行登录。