hostname=jdbc:snowflake://y.ap-south-1.aws.snowflakecomputing.com/
user=
password=
account=y.ap-south-1
database=DEMO_DB
warehouse=COMPUTE_WH
schema=PUBLIC
this is my connection.properties
Every time i got incorrect username or password was specified
The reason for this error is that you are passing the username coming from Azure AD to Snowflake and expecting it to be authenticated with "snowflake" auth mechanism.
In the connection string, pass the following parameter as well:
authenticator=externalbrowser
What this will do is to open a browser session where you can then authenticate the user from AAD and session will pass the auth check.
Related
My SNOWFLAKE database is SSO login enabled and the SSO connectivity works perfectly fine when I connect through my chrome browser.
When I try to connect to SNOWFLAKE database using DBeaver (external browser) I get the below error .
NOTE : I can confirm that I am able to see the identity verification (through explorer browser) page and the identity has also been verified. I feel the issue happens when the explorer browser confirms the identity verification back to DBeaver.
Can anyone please help ?
The above error is a generic message and could be seen due to misconfigurations either at the identity provider end or at the service provider end.
It is recommended to verify the configurations for your identity provider and make sure all the steps are performed correctly.
Below could be the common reasons for this error, However, there might be other improper configs as well which could lead to a similar error message.
a. Mismatch in user configuration details at Idp(Identity provider) and Snowflake.
b. SSO certificates are incorrect.
Solution
a. Username configured at the Identity provider end should match with the login_name at snowflake end for that user. For instance, If the SAML response shows NameID as abc#xyz.com. Then login_name configured at Snowflake end should be same as abc#xyz.com
SAML response snippet:
abc#xyz.com
Set the login_name same as the NameID configured at the identity provider side.
alter user set login_name='abc#xyz.com';
b. SSO certificate configured at Snowflake end should match with the certificate configured at the identity provider end.
Note:
The certificate value contains a number of new lines. Remove the new lines, forming a certificate value with a single line.
If the above suggestions did not help then please check the error codes for the failed login attempt in Snowflake Information Schema using the below query. And check the reason for that error code here. The below query retrieve up to 100 login events of every user your current role is allowed to monitor in the last hour and you can modify it appropriately.
select * from table(information_schema.login_history(dateadd('hours',-1,current_timestamp()),current_timestamp())) order by event_time
lets say I have two on-premise domains (DomainA.org, domainB.org) and one tenant (domainA.onmicrosoft.com). Both domains are sync thanks to Azure AD Connect, so user from domainA can log to office.com, there is no problem. Hoever user from domainB getting this "Error validating credentials due to invalid username or password.", and when I changed password from portal.office.com for this user from domainB. I can log with this new password, but only to office365 services, its not sync to On-prem.
And another wierd thing is, that I cant change password for users from domainA.
Do You know where the problem is?
Thanks
I understand you have synced your 2 domains to Azure AD through Azure AD connect . Initially you have registered both the domain in Azure AD and verified both. Kindly check what kind of authentication you were using for Domain A since you were not able to change the password from Azure End. If you have federated that domain it is not possible to change from the cloud. If you were using password hash synchronization then the authentication will happen if cloud and you can change for managed domain.
I request you to go through this article about password writeback . When you are getting an error message while logging before resetting the password kindly note the correlation ID and time stamp and need to get a support ticket since it will be due to multiple reasons.
Windows service with logon as domian\user1
Added login to instance with this user, mapped to databases needed.
Connection from service is using windows auth
When it runs, I get this error :
System.Data.Entity.Core.EntityException: The underlying provider failed on Open. ---> System.Data.SqlClient.SqlException: Login failed for user domian\user1
Ive tried several things such as net use with the credentials, I know the password is correct.
Checked the spelling, the login matches.
What else?
[ update ]
Looking at the sql log, I see the same thing
Reason: Could not find a login matching the name provided
Its as if this login doesnt exist on the instance
When a user log in into my application, the credentials are the data for the database (user and password in a doctrine connection configuration). I wrote a AuthenticationProvider. He checks if the user can login with the data. If so, the token with the credentials is stored in the TokenStorage.
Now I overwrote the doctrine ConnectionFactory to add the credentials to the connection data, but the TokenStorage has always no token.
You can find the source code example here: https://github.com/fadoe/playground-dbauth
The login works fine, but when I create the database connection the TokenStorage is empty. I'am logged in as user. Can it be the firewall?
I'm getting the following error
Database Error: Cannot open database "TrendingDB" requested by
the login. The login failed. Login failed for user 'IIS
APPPOOL\CoreApplications'.
Even if I have a username password on my connection string. I use the same applications on the same 3 different environments, except that when I deployed the same application on another environment with it's own appsettings, it would give me the above error.
Not sure what I missed on the setup with this current environment. The username is verified to exist and can log in using the password. Also double checked the access to execute the stored procedure it's calling from the API.
The application is a .NET Core API.
{
"AppSettings": {
"Environment": "UAT",
"ConnectionString": "server=localhost\\SQLEXPRESS;database=TrendingDB;Connect Timeout=120;Trusted_Connection=True;User=webservice;Password=trending123"
}
}
You specify Trusted_Connection=True in your connection string. This uses the Windows Identity for the process and ignores any username and password you specify in the connection string. Remove that, so your connection string looks like
{
"AppSettings": {
"Environment": "UAT",
"ConnectionString": "server=localhost\\SQLEXPRESS;database=TrendingDB;Connect Timeout=120;User=webservice;Password=trending123"
}
}