Implement app login using the Peliqan Secret Store
To implement user login in your Streamlit app on Peliqan, you can store each user's credentials securely in the Peliqan Secret Store and validate them in your app.
In the example below, we add a new Secret Store for each user of the app. For example, if you have 5 users, you will add 5 Secret Stores.
Step 1: Create a username and password and save them in a Secret Store. In Peliqan, go to “Connections”, click on “Add new connection” and select “Secret Store”. Give it a name, which will be the username (login), and enter a password for the Secret.
Step 2: Use pq.get_secret('<connection_name>') to verify login credentials in your app, where the connection name is the user login.
Example code:
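import hmac

import streamlit as st

# `pq` (the Peliqan client) is not defined here; it is assumed to be available in the app.

def check_login(login, password):
    # The Secret Store connection name is the username, its secret is the password.
    try:
        secret = pq.get_secret(login)
    except Exception:
        # Unknown connection name or lookup error: treat as a failed login.
        return False
    if not isinstance(secret, str):
        return False
    # Constant-time comparison, so response time does not reveal how much of the password matched.
    return hmac.compare_digest(secret.encode(), password.encode())

if "logged_in" not in st.session_state:
    st.session_state.logged_in = False

# Login form
if not st.session_state.logged_in:
    st.title("Login")
    with st.form("login_form"):
        login = st.text_input("Username")
        password = st.text_input("Password", type="password")
        submitted = st.form_submit_button("Log In")
        if submitted:
            if check_login(login, password):
                st.session_state.logged_in = True
                st.session_state.login = login
                # Newer Streamlit releases replace this call with st.rerun().
                st.experimental_rerun()
            else:
                st.error("Invalid username or password")

# After login
if st.session_state.logged_in:
    st.success(f"Welcome {st.session_state.login}, you are logged in!")
    if st.button("Log out"):
        st.session_state.logged_in = False
        st.experimental_rerun()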
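Because the username is passed straight to pq.get_secret, every Secret Store connection name is a potential login. The following added example (not Peliqan's code) wraps the lookup so that only allowlisted usernames are accepted and repeated failures are throttled. `LoginGuard`, `allowed_logins`, `MAX_FAILURES` and `LOCKOUT_SECONDS` are hypothetical names, and `get_secret` stands in for `pq.get_secret`.

```python
import hmac
import time

MAX_FAILURES = 5        # assumed policy value, not a Peliqan setting
LOCKOUT_SECONDS = 300   # assumed policy value, not a Peliqan setting


class LoginGuard:
    """Allowlist and throttling in front of a per-user secret lookup."""

    def __init__(self, get_secret, allowed_logins, clock=time.monotonic):
        self._get_secret = get_secret            # pq.get_secret in the app
        self._allowed = frozenset(allowed_logins)
        self._clock = clock
        self._failures = {}                      # login -> (count, last failure time)

    def _locked(self, login):
        count, last = self._failures.get(login, (0, 0.0))
        return count >= MAX_FAILURES and self._clock() - last < LOCKOUT_SECONDS

    def check(self, login, password):
        # Only allowlisted names count as logins, so a Secret Store created
        # for another purpose cannot double as a username/password pair.
        # Unknown names are rejected without being tracked (no memory growth).
        if login not in self._allowed or self._locked(login):
            return False
        try:
            secret = self._get_secret(login)
        except Exception:
            secret = None
        # Constant-time comparison; bytes so non-ASCII passwords are accepted.
        ok = isinstance(secret, str) and hmac.compare_digest(
            secret.encode(), password.encode())
        if ok:
            self._failures.pop(login, None)
        else:
            count, _ = self._failures.get(login, (0, 0.0))
            self._failures[login] = (count + 1, self._clock())
        return ok


if __name__ == "__main__":
    # Constructed sample data standing in for the Secret Stores.
    stores = {"alice": "constructed-password", "erp_api_key": "constructed-token"}
    guard = LoginGuard(stores.__getitem__, allowed_logins={"alice"})
    print(guard.check("alice", "constructed-password"))     # allowlisted user
    print(guard.check("erp_api_key", "constructed-token"))  # not a login
```

Streamlit re-executes the script on every interaction, so the guard has to be created once and shared (for example in a function decorated with `st.cache_resource`) for the failure counters to persist.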
SSO with Microsoft Azure Entra
Here are the steps to enable Single Sign On in your Streamlit app on Peliqan using Microsoft accounts from Azure Entra.
Steps to follow in Azure
In Azure, go to "Enterprise applications".
Click on "+ Create your own application".
Enter a name (e.g. "Peliqan SAML Streamlit") and select "Integrate any other application you don't find in the gallery (Non-gallery)".
In the app details, go to Manage > Single sign-on.
Select SAML.
Enter details:
- Identifier (Entity ID): e.g. "Peliqan-Streamlit"
- Reply URL (Assertion Consumer Service URL): see below, e.g. "https://api.eu.peliqan.io/123/saml"
Under "Attributes & Claims":
Add a "Group claim".
Select "Groups assigned to the application".
Under “Source attribute”, select “Cloud-only group display names”.
Under "Users and groups":
Click on "+ Add user/group".
Select all groups that you want to use in the SAML login and add them to your app.
Steps to take in Peliqan
Add 2 apps:
- Streamlit app with login, named e.g. "App with SSO login"
- API handler to receive redirect (reply) after login, named e.g. "SAML Redirect API handler"
Add an API endpoint:
- Name e.g. "SAML Redirect"
- Authorization: Public
- Path, e.g. "/saml"
- Method: GET
- App handler: the API handler script from above, e.g. "SAML Redirect API handler"
The URL will be e.g.: https://api.eu.peliqan.io/123/saml
Note down the URL and configure it as the redirect URL in the main app with SAML login. Also configure this URL in Azure for your app as the Reply URL (Assertion Consumer Service URL).
Example script with SSO login:
Example script to handle SAML reply: