Skip to content

Unable to Integrate AWS SAML 2.0 with Airflow 3.0.1 Using AWS Auth Manager #50653

New issue
New issue
Closed
#57974
Closed
Unable to Integrate AWS SAML 2.0 with Airflow 3.0.1 Using AWS Auth Manager#50653
#57974
Labels
affected_version:3.0Issues Reported for 3.0area:autharea:corekind:bugThis is a clearly a bugprovider:fab
@ashrafhulakoti

Description

@ashrafhulakoti
ashrafhulakoti
opened on May 15, 2025

Apache Airflow version

3.0.1

If "Other Airflow 2 version" selected, which one?

No response

What happened?

I’m attempting to integrate AWS SAML 2.0 authentication with Apache Airflow 3.0.1 using the new Auth Manager framework.

🔧 Setup Details:
Airflow Version: 3.0.1

Authentication Provider: AWS IAM Identity Center (formerly AWS SSO)

Authorization Provider: Amazon Verified Permissions

I have followed the official documentation for configuring the AWS Auth Manager, including setting the relevant environment variables.

What you think should happen instead?

On successful authentication, appropriate roles should be assigned via Verified Permissions

Users should be redirected back to the Airflow UI with proper access

How to reproduce

Follow the steps mentioned in the doc:
Authentication Provider: AWS IAM Identity Center (formerly AWS SSO)

Authorization Provider: Amazon Verified Permissions

Operating System

linux(Kubernetes Helm Chart)(apache/airflow:3.0.1)

Versions of Apache Airflow Providers

No response

Deployment

Official Apache Airflow Helm Chart

Deployment details

Helm chart 3.0.1 version

Anything else?

INFO: 10.200.5.116:36966 - "GET /login_callback HTTP/1.1" 200 OK INFO: 10.200.5.116:36966 - "GET /ui/config HTTP/1.1" 401 Unauthorized INFO: 10.200.5.116:36966 - "GET /api/v2/auth/login?next=https%3A%2F%2Fexample.com%2Flogin_callback HTTP/1.1" 307 Temporary Redirect INFO: 10.200.5.116:36966 - "GET /auth/login?next=https://example.com/login_callback HTTP/1.1" 307 Temporary Redirect INFO: 10.200.5.116:36966 - "GET /ui/config HTTP/1.1" 401 Unauthorized INFO: 10.200.5.116:36966 - "GET /api/v2/auth/login?next=https%3A%2F%2Fexample.com%2Flogin_callback HTTP/1.1" 307 Temporary Redirect INFO: 10.200.5.116:36966 - "GET /ui/auth/menus HTTP/1.1" 401 Unauthorized INFO: 10.200.5.116:3092 - "GET /api/v2/plugins HTTP/1.1" 401 Unauthorized

Image

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    affected_version:3.0Issues Reported for 3.0area:autharea:corekind:bugThis is a clearly a bugprovider:fab

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions