As part of our project to T362788: Migrate Airflow to the dse-k8s cluster we would like to be able to improve the security model for Airflow, such that is uses the CAS/SSO system as a login authentication source.

Specifically, we would like to use the OIDC protocol.

Given that the Airflow webserver is a flask application, built with FAB (flask application builder) the process of configuring OIDC should be quite similar to that we undertook for Superset in T353794: Configure OIDC Authentication for Superset on K8S.