-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logout airflow on Web UI does not work using OAuth2 #17279
Comments
Thanks for opening your first issue here! Be sure to follow the issue template! |
This should probably be an issue over at https://github.com/dpgaspar/Flask-AppBuilder instead. |
dpgaspar/Flask-AppBuilder#1160 could probably solve this issue. |
Since dpgaspar/Flask-AppBuilder#1160 was closed by the stalebot and ignored after that, I opened PR dpgaspar/Flask-AppBuilder#1749 with the same changes. Hopefully that gets merged. |
Now that dpgaspar/Flask-AppBuilder#1749 is merged, this is one step closer to being fixed. TODO as of now:
|
Constraints should update itself - now when our tests are far less flaky, thiis works out-of-the-box. |
Flask App builder constraints are updated already - both main and 2.2 branch. So we could fix it in main and cherry-pick to 2.2.4 |
cc: @kaxil |
I just tested this and FAB does respect |
Apache Airflow version: 2.0.0
Kubernetes version (if you are using kubernetes) (use
kubectl version
): Client Version: Major:"1", Minor:"19", GitVersion:"v1.19.0",Server Version: Major:"1", Minor:"19",Environment:
uname -a
): Linux airflow-webserver-7bdf6db4f8-k9hkp 3.10.0-1127.10.1.el7.x86_64 Improving the search functionality in the graph view #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 GNU/LinuxWhat happened:
We are trying to implement OAuth2 on airflow using Keycloak. We have already set up Keycloak and configured airflow, now the login is success. But when clicking logout on airflow, the session still exists in Keycloak. Go to /pipelines page again, user logs in.
What you expected to happen:
If user logout airflow, when he try to access pipelines again should redirect to login page. Session should be invalid in Keycloak and user need to re-enter username&password.
Maybe airflow should send a http request to Keycloak server to disable the session.
How to reproduce it:
Anything else we need to know:
When click logout, we checked Kecloak session, the session is still active.
If we disable it manually, the user will need to log in again, which is correct.
My guess is airflow need to send this request:
http://auth-server/auth/realms/{realm-name}/protocol/openid-connect/logout?redirect_uri=encodedRedirectUri
when user click logout.
The text was updated successfully, but these errors were encountered: