[Feat] SSO - add provider in the OpenID field for custom sso (#5849)

* service_account_settings on config * include provider in OpenID for custom sso * add GENERIC_PROVIDER_ATTRIBUTE to docs * use correct naming scheme
2024-09-23 16:34:30 -07:00 · 2024-09-23 16:34:30 -07:00 · 5337440ff9
commit 5337440ff9
parent c19592e502
3 changed files with 11 additions and 31 deletions
--- a/docs/my-website/docs/proxy/ui.md
+++ b/docs/my-website/docs/proxy/ui.md
@ -180,6 +180,7 @@ GENERIC_USER_DISPLAY_NAME_ATTRIBUTE = "display_name"
 GENERIC_USER_FIRST_NAME_ATTRIBUTE = "first_name"
 GENERIC_USER_LAST_NAME_ATTRIBUTE = "last_name"
 GENERIC_USER_ROLE_ATTRIBUTE = "given_role"
 GENERIC_USER_PROVIDER_ATTRIBUTE = "provider"
 GENERIC_CLIENT_STATE = "some-state" # if the provider needs a state parameter
 GENERIC_INCLUDE_CLIENT_ID = "false" # some providers enforce that the client_id is not in the body
 GENERIC_SCOPE = "openid profile email" # default scope openid is sometimes not enough to retrieve basic user info like first_name and last_name located in profile scope
--- a/litellm/proxy/management_endpoints/ui_sso.py
+++ b/litellm/proxy/management_endpoints/ui_sso.py
@ -356,6 +356,10 @@ async def auth_callback(request: Request):
            "GENERIC_USER_LAST_NAME_ATTRIBUTE", "last_name"
        )
        generic_provider_attribute_name = os.getenv(
            "GENERIC_USER_PROVIDER_ATTRIBUTE", "provider"
        )
        verbose_proxy_logger.debug(
            f" generic_user_id_attribute_name: {generic_user_id_attribute_name}\n generic_user_email_attribute_name: {generic_user_email_attribute_name}\n generic_user_role_attribute_name: {generic_user_role_attribute_name}"
        )
@ -373,6 +377,7 @@ async def auth_callback(request: Request):
                email=response.get(generic_user_email_attribute_name),
                first_name=response.get(generic_user_first_name_attribute_name),
                last_name=response.get(generic_user_last_name_attribute_name),
                provider=response.get(generic_provider_attribute_name),
            )
        SSOProvider = create_provider(
--- a/litellm/proxy/proxy_config.yaml
+++ b/litellm/proxy/proxy_config.yaml
@ -24,34 +24,8 @@ litellm_settings:
  cache: true
  # callbacks: ["otel"]
-guardrails:
+
-  - guardrail_name: "aporia-pre-guard"
+general_settings:
-    litellm_params:
+  service_account_settings:
-      guardrail: aporia  # supported values: "aporia", "bedrock", "lakera"
+    required_params: ["user"]
-      mode: "post_call"
+
      api_key: os.environ/APORIA_API_KEY_1
      api_base: os.environ/APORIA_API_BASE_1
  - guardrail_name: "aporia-post-guard"
    litellm_params:
      guardrail: aporia  # supported values: "aporia", "bedrock", "lakera"
      mode: "post_call"
      api_key: os.environ/APORIA_API_KEY_2
      api_base: os.environ/APORIA_API_BASE_2
  - guardrail_name: "bedrock-pre-guard"
    litellm_params:
      guardrail: bedrock  # supported values: "aporia", "bedrock", "lakera"
      mode: "during_call"
      guardrailIdentifier: ff6ujrregl1q
      guardrailVersion: "DRAFT"
  - guardrail_name: "custom-pre-guard"
    litellm_params:
      guardrail: custom_guardrail.myCustomGuardrail  
      mode: "pre_call"
  - guardrail_name: "custom-during-guard"
    litellm_params:
      guardrail: custom_guardrail.myCustomGuardrail  
      mode: "during_call"
  - guardrail_name: "custom-post-guard"
    litellm_params:
      guardrail: custom_guardrail.myCustomGuardrail
      mode: "post_call"