How to set the two types of authentication for airflow: AUTH_LDAP and AUTH_DB? If airflow can't find an user in AUTH_LDAP it has to search in AUTH_DB
Question:
I would like to set up two types of authentification in the Airflow webserver. The first preferred type is LDAP. If airflow doesn’t find a user in LDAP it has to try to find credentials for the user in airflow_db (default authentification method for airflow).
- First I try to set several auth methods in webserver_config.py:
from flask_appbuilder.security.manager import AUTH_LDAP
from airflow.www.fab_security.manager import AUTH_DB
AUTH_TYPE = [AUTH_LDAP, AUTH_DB]
But It didn’t work.
- After I tried to change auth_backend in airflow.cfg
auth_backend = airflow.contrib.auth.backends.ldap_auth.LDAPAuthBackend,airflow.contrib.auth.backends.password_auth.PasswordUser
But it didn’t work too.
Are there any methods for setting several types of authentification in the airflow webserver?
Answers:
In short, no. You can only configure a single authentication type.
Airflow leverages Flask-AppBuilder for authentication. Two notes:
- OAuth authentication does allow for configuring multiple OAuth providers (e.g. Google and Okta), see https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth.
- A similar question was asked here: How to support both OAuth and Basic Auth in FlaskAppBuilder in Superset. You could technically subclass FAB’s SecurityManager to implement your own behavior.
Also, see this GitHub issue requesting the same: https://github.com/dpgaspar/Flask-AppBuilder/issues/1803.
I would like to set up two types of authentification in the Airflow webserver. The first preferred type is LDAP. If airflow doesn’t find a user in LDAP it has to try to find credentials for the user in airflow_db (default authentification method for airflow).
- First I try to set several auth methods in webserver_config.py:
from flask_appbuilder.security.manager import AUTH_LDAP
from airflow.www.fab_security.manager import AUTH_DB
AUTH_TYPE = [AUTH_LDAP, AUTH_DB]
But It didn’t work.
- After I tried to change auth_backend in airflow.cfg
auth_backend = airflow.contrib.auth.backends.ldap_auth.LDAPAuthBackend,airflow.contrib.auth.backends.password_auth.PasswordUser
But it didn’t work too.
Are there any methods for setting several types of authentification in the airflow webserver?
In short, no. You can only configure a single authentication type.
Airflow leverages Flask-AppBuilder for authentication. Two notes:
- OAuth authentication does allow for configuring multiple OAuth providers (e.g. Google and Okta), see https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-oauth.
- A similar question was asked here: How to support both OAuth and Basic Auth in FlaskAppBuilder in Superset. You could technically subclass FAB’s SecurityManager to implement your own behavior.
Also, see this GitHub issue requesting the same: https://github.com/dpgaspar/Flask-AppBuilder/issues/1803.