Reputation: 81
Is it possible to use `externalbrowser` authenticator inside docker container for connection authentication with Snowflake?
I am trying to use the snowflake connector inside docker container. I want to use the externalbrowser authenticator so that I can make connection using Okta credentials but the connector is failing with below mentioned error.
DatabaseError: (snowflake.connector.errors.DatabaseError) 250008 (08001): None: Failed to connect to DB: xx.snowflakecomputing.com:443, Unable to open a browser in this environment. (Background on this error at: http://sqlalche.me/e/13/4xp6)
Upvotes: 8
Views: 3220
Answers (3)
Reputation: 988
I spent hours trying to find a solution for that as I use SSO + MFA and there was no way to do that with 'Native SSO Okta' for example. And today GPT4 just found a simple solution for me.
I run the docker container like that docker run -it <docker-image> run -m <my_model>
It tries to open the web browser, can't do it so gives me a URL to copy paste into my browser on the host to proceed with the authentication and then asks me to copy paste the URL I am redirected to into the terminal and it works.
Steps to make this work in any headless environment:
- When
dbtfails to connect to the browser, it tells you the URL it tried to open:
Initiating login request with your identity provider. A browser
window should have opened for you to complete the login. If you can't
see it, check existing browser windows, or your OS settings. Press
CTRL+C to abort and try again...
Going to open: https://company.okta.com/app/snowflake/... to authenticate...
- Open that URL in your own browser where you can authenticate with your SSO provider.
- After the login, you are redirected to a "localhost" URL with a response. Copy this URL.
- Read the URL using
curlon your headless machine (the docker VM).
If this is successful, you should see some confirmation response on your curl output, like this:
$ curl http://localhost:53125/\?token\=7Vl....
<!DOCTYPE html><html><head><meta charset="UTF-8"/>
<title>SAML Response for Snowflake</title></head>
<body>
Your identity was confirmed and propagated to Snowflake dbt.
You can close this window now and go back where you started from.
</body></html>
Then, on the dbt connection that was trying to log you in, you should see that the authentication was successful and the command proceeded.
Upvotes: 1
Reputation: 21
I curled the url returned from SSO in the VS Code terminal on the devcontainer and I logged on to Snowflake in VS Code Jupyter Notebook. curl <url>
Upvotes: 0
Reputation: 1180
As an aside, I'd recommend removing your account name from the question (shown in the error).
You are correct that the "externalbrowser" option is a browser-based SSO. It might be possible to get this running a docker container with some extended software and configuration, but I wouldn't recommend it as it doesn't seem worth the effort.
Instead, there's alternative SSO authentication methods you can look at such as Native SSO Okta, key-pair authentication, or external OAuth. These won't require the browser.
Upvotes: 1
Related Questions
- Snowflake Python connection using externalbrowser authenticator
- Build a combined docker image for snowflake-kafka-connector with cp-kafka-connect-base to deploy on kafka connect cluster
- snowsql --authenticator=externalbrowser error using firefox+ubuntu
- Use Ipython-sql with snowflake and externalbrowser authenticator
- How to connect to Snowflake Web UI with custom OAuth integration
- "Authenticator" missing in DataGrip Snowflake connector
- Error trying to connect to snowflake from python using the AzureAD login
- query snowflake with sso without external browser
- How can I use IdentityServer4 from inside and outside a docker machine?
- How to setup a pypiserver with docker with custom a authentication?