To integrate Superset and Keycloak, use this configuration (superset_config.py):
from flask_appbuilder.security.manager import AUTH_OAUTH
AUTH_TYPE = AUTH_OAUTH
OAUTH_PROVIDERS = [
{
'name':'keycloak',
'token_key':'access_token',
'icon':'fa-address-card',
'remote_app': {
'client_id':'<superset>',
'client_secret':'<secret>',
"client_kwargs": {"scope": "email profile"},
'server_metadata_url': '<keycloak_url>/realms/destra/.well-known/openid-configuration',
'api_base_url': '<keycloak_url>/realms/destra/protocol/',
}
}
]
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "Public"
The tricks are in the Flask-AppBuilder implementation:
* Use "keycloak" as provide name (Extends SupersetSecurityManager it is not necessary)
* Fix the "api_base_url" parameter
* The scope must have "openid", "email" and "profile" entries.
This links can help you understand how Flask-AppBuilder handle with keycloak integration:
https://github.com/dpgaspar/Flask-AppBuilder/blob/f4a8cfd9f31f7eb36fb7891ccf9747b7506a41d3/examples/oauth/config.py#L110