From 5337440ff9f215ff2625820d210dd29f4b3bfbde Mon Sep 17 00:00:00 2001
From: Ishaan Jaff
Date: Mon, 23 Sep 2024 16:34:30 -0700
Subject: [PATCH] [Feat] SSO - add `provider` in the OpenID field for custom sso (#5849)
* service_account_settings on config
* include provider in OpenID for custom sso
* add GENERIC_PROVIDER_ATTRIBUTE to docs
* use correct naming scheme
---
 docs/my-website/docs/proxy/ui.md | 1 +
 litellm/proxy/management_endpoints/ui_sso.py | 5 +++
 litellm/proxy/proxy_config.yaml | 36 +++-----------------
 3 files changed, 11 insertions(+), 31 deletions(-)
diff --git a/docs/my-website/docs/proxy/ui.md b/docs/my-website/docs/proxy/ui.md
index 85cb2eb98..e18a9e2e5 100644
--- a/docs/my-website/docs/proxy/ui.md
+++ b/docs/my-website/docs/proxy/ui.md
@@ -180,6 +180,7 @@ GENERIC_USER_DISPLAY_NAME_ATTRIBUTE = "display_name"
 GENERIC_USER_FIRST_NAME_ATTRIBUTE = "first_name"
 GENERIC_USER_LAST_NAME_ATTRIBUTE = "last_name"
 GENERIC_USER_ROLE_ATTRIBUTE = "given_role"
+GENERIC_USER_PROVIDER_ATTRIBUTE = "provider"
 GENERIC_CLIENT_STATE = "some-state" # if the provider needs a state parameter
 GENERIC_INCLUDE_CLIENT_ID = "false" # some providers enforce that the client_id is not in the body
 GENERIC_SCOPE = "openid profile email" # default scope openid is sometimes not enough to retrieve basic user info like first_name and last_name located in profile scope
diff --git a/litellm/proxy/management_endpoints/ui_sso.py b/litellm/proxy/management_endpoints/ui_sso.py
index 8e4c92c5b..7d21b2015 100644
--- a/litellm/proxy/management_endpoints/ui_sso.py
+++ b/litellm/proxy/management_endpoints/ui_sso.py
@@ -356,6 +356,10 @@ async def auth_callback(request: Request):
 "GENERIC_USER_LAST_NAME_ATTRIBUTE", "last_name"
 )
 
+ generic_provider_attribute_name = os.getenv(
+ "GENERIC_USER_PROVIDER_ATTRIBUTE", "provider"
+ )
+
 verbose_proxy_logger.debug(
 f" generic_user_id_attribute_name: {generic_user_id_attribute_name}\n generic_user_email_attribute_name: {generic_user_email_attribute_name}\n generic_user_role_attribute_name: {generic_user_role_attribute_name}"
 )
@@ -373,6 +377,7 @@ async def auth_callback(request: Request):
 email=response.get(generic_user_email_attribute_name),
 first_name=response.get(generic_user_first_name_attribute_name),
 last_name=response.get(generic_user_last_name_attribute_name),
+ provider=response.get(generic_provider_attribute_name),
 )
 
 SSOProvider = create_provider(
diff --git a/litellm/proxy/proxy_config.yaml b/litellm/proxy/proxy_config.yaml
index ed5e703f5..fda8deadd 100644
--- a/litellm/proxy/proxy_config.yaml
+++ b/litellm/proxy/proxy_config.yaml
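Review bot: In ui_sso.py (hunk at -356), the `verbose_proxy_logger.debug(` call right after the added lookup still prints only the id, email and role attribute names, so a mis-set `GENERIC_USER_PROVIDER_ATTRIBUTE` does not show up in debug output. The new local is also named `generic_provider_attribute_name`, while the env var and the sibling locals use the `generic_user_…` form. Renaming it to `generic_user_provider_attribute_name` and appending `\n generic_user_provider_attribute_name: {generic_user_provider_attribute_name}` to the f-string would keep the block consistent. `auth_callback` starts and ends outside this hunk.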
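Review bot: In ui_sso.py (hunk at -373), the added `provider=response.get(generic_provider_attribute_name),` copies whatever the identity provider returns under a configurable attribute straight into the OpenID object, with no check on its type or value. The value is None when the attribute is absent, and it may be something the end user can edit in their own profile, depending on how the IdP populates that claim. If any code downstream of this call uses `provider` to decide how a login is trusted or routed (not visible in this hunk), it should be compared against an expected value or allowlist rather than passed through. As a minimum, read it into a local first and normalise it, e.g. `provider = response.get(generic_provider_attribute_name)` followed by `if not isinstance(provider, str): provider = None`. The enclosing call and `auth_callback` continue outside the hunk.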
@@ -24,34 +24,8 @@ litellm_settings: cache: true # callbacks: ["otel"] -guardrails: - - guardrail_name: "aporia-pre-guard" - litellm_params: - guardrail: aporia # supported values: "aporia", "bedrock", "lakera" - mode: "post_call" - api_key: os.environ/APORIA_API_KEY_1 - api_base: os.environ/APORIA_API_BASE_1 - - guardrail_name: "aporia-post-guard" - litellm_params: - guardrail: aporia # supported values: "aporia", "bedrock", "lakera" - mode: "post_call" - api_key: os.environ/APORIA_API_KEY_2 - api_base: os.environ/APORIA_API_BASE_2 - - guardrail_name: "bedrock-pre-guard" - litellm_params: - guardrail: bedrock # supported values: "aporia", "bedrock", "lakera" - mode: "during_call" - guardrailIdentifier: ff6ujrregl1q - guardrailVersion: "DRAFT" - - guardrail_name: "custom-pre-guard" - litellm_params: - guardrail: custom_guardrail.myCustomGuardrail - mode: "pre_call" - - guardrail_name: "custom-during-guard" - litellm_params: - guardrail: custom_guardrail.myCustomGuardrail - mode: "during_call" - - guardrail_name: "custom-post-guard" - litellm_params: - guardrail: custom_guardrail.myCustomGuardrail - mode: "post_call" \ No newline at end of file + +general_settings: + service_account_settings: + required_params: ["user"] +
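Review bot: The new `service_account_settings` block in proxy_config.yaml has no comment saying what `required_params: ["user"]` enforces or which keys it applies to, and it arrives together with the removal of every `guardrails` entry in a commit whose subject is an SSO field. Anyone who starts from this file cannot tell whether the guardrails were dropped on purpose. A one-line comment above `required_params`, such as `# service-account keys: requests must include these params (confirm against the auth check)`, and a sentence in the description about the guardrails removal would make the intent reviewable. It is also worth confirming that `required_params` is the key name the service-account check actually reads, since a misnamed key under `general_settings` would presumably be ignored without an error.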