Hi,
I’m new to Streamlit and I’m trying to develop a POC for the company. One of the questions that I have not found an answer to on the internet is: does Streamlit support SSO with the different providers on the market (SAML2, …)?
Could anyone please help or provide any resources that could help?
Thanks
I don’t know how this relates to the “official” Streamlit recommendations (have you checked out streamlit-authenticator?), but one way to do it is using an authentication proxy (such as oauth2-proxy) to inject a JWT token in the Authorization header of each request, and use st.context.headers to read the header:
jwt.decode(st.context.headers["Authorization"], options={"verify_signature": False})
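The jwt.decode call in the post above sets verify_signature to False, so it reads the claims without authenticating them. As an added example (not part of the original post), here is the same header read with the signature, expiry and audience checked. It uses HS256 with a shared key and only the standard library so it runs offline; make_token, verified_claims, the key and the audience value are assumptions of this example.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, head: str, body: str) -> bytes:
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Constructed sample token standing in for what the proxy injects."""
    head = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64url(_mac(key, head, body))}"

def verified_claims(authorization: str, key: bytes, audience: str, now=None) -> dict:
    """Return the claims of 'Bearer <jwt>' only if signature, exp and aud check out."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise ValueError("expected 'Bearer <jwt>'")
    head, body, sig = token.split(".")
    header = json.loads(_unb64url(head))  # malformed input raises ValueError
    # Pin the algorithm server-side; never let the token choose it ("none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_mac(key, head, body), _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims

# In the Streamlit app (KEY and AUDIENCE are deployment-specific assumptions):
#   claims = verified_claims(st.context.headers["Authorization"], KEY, AUDIENCE)
```

With an IdP-issued RS256 token, the equivalent PyJWT call passes the provider's public key together with algorithms=["RS256"] and audience=... instead of disabling verification.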
Hi @zoltan-spire, thanks for your reply.
What I meant is: how can I use an SSO provider like Okta or SAML 2 with Streamlit?
Thanks
Thanks for your reply… that's what I was looking for.
But I have a question, please: is it possible to implement SAML without using Flask? Because I have an app built only using Streamlit. So should I include Flask to handle SSO with SAML?
Streamlit can’t receive the POST request which is returned from the Identity Provider after the SSO, so you will need another server to be able to process the SAML response (acs endpoint). You can package both apps together into a single Docker container, with a reverse proxy like NGINX to send the requests to the right server based on the subdomain (auth.your-app.com and your-app.com).
Thank you a lot… it is clear for me now.
You can package both apps together into a single Docker container, with a reverse proxy like NGINX to send the requests to the right server based on the subdomain
=> Do you have an example, please, of how I can achieve that? Because I’m new to the Python world.
Thanks in advance.
The principle is the same as the following example
- Here you have 2 Streamlit applications running in the same container
- It’s the same setup, but instead of two Streamlit apps, it’s one Streamlit app + one Flask app (or any other web server app), and you can manage where the request goes, based on the /path or subdomain.domain.tld, for example