sayu
December 13, 2021, 1:04am
We continue to strive for OAuth authentication by modifying knime-oidc-config.json.
The contents of the file are as follows.
{
  "identity-provider-name": "Google Identity Provider",
  "auth-server-url": "https://accounts.google.com/o/oauth2/auth",
  "authorization-endpoint": "https://accounts.google.com/o/oauth2/auth",
  "token-endpoint": "https://oauth2.googleapis.com/token",
  "jwks-endpoint": "https://www.googleapis.com/oauth2/v1/certs",
  "userinfo-endpoint": "https://www.googleapis.com/oauth2/v1/userinfo",
  "resource": "client id",
  "credentials": {
    "secret": "secret key"
  },
  "additional-scopes": "email profile",
  "principal-attribute": "email",
  "group-mapping-claim": "as_user oauth"
}
Redirecting to the Google sign-in page was successful. A 403 error occurs after I log in on the Google page.
Error Page URI:
http://knimedomain:8080/knime/?state=6f397559-0ade-4656-b246-f053d4fea92b&code=4%2F0AX4XfWhI4Qk_FTAI1KFlqbGvoa0MuydrqN8YN0IWKntxSXIA70KkpEaBsthfUrpSTskyNA&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none#
Could I get a sample knime-oidc-config.json form related to Google OAuth 2.0?
I’m not sure what the problem is.
I would appreciate it if you could support me on this problem.
Hi @sayu
have a look, if this works for you:
{
  "identity-provider-name": "Google",
  "auth-server-url": "https://accounts.google.com/",
  "resource": "",
  "credentials": {
    "secret": ""
  },
  "additional-authorization-endpoint-parameters": "&prompt=select_account&access_type=offline",
  "additional-scopes": "profile email",
  "principal-attribute": "email",
  "redirect-rewrite-rules": {
    "^?scope.*": ""
  },
  "allow-opaque-access-token": "true",
  "principal-attribute-to-username-regex": "@<some-domain>"
}
Most importantly, the "additional-authorization-endpoint-parameters" entry is needed for Google. The "principal-attribute-to-username-regex" entry is optional, in case you want to map emails to usernames without the @ domain.
For anyone else coming here, we also have documentation here: KNIME Server Advanced Setup Guide.
Kind regards
Marvin
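An added example, not part of the thread and not KNIME's own code: a small Python check that compares a knime-oidc-config.json with the Google sample in the reply above, run here on the configuration from the question. It assumes that the two parameters in the sample's "additional-authorization-endpoint-parameters" value are what Google needs and that "auth-server-url" is meant to be the provider's base URL; the function name and the finding labels are made up for illustration.

```python
import json
from urllib.parse import parse_qs, urlparse

# Keys used in the reply's sample configuration.
SAMPLE_KEYS = {
    "identity-provider-name", "auth-server-url", "resource", "credentials",
    "additional-authorization-endpoint-parameters", "additional-scopes",
    "principal-attribute", "redirect-rewrite-rules",
    "allow-opaque-access-token", "principal-attribute-to-username-regex",
}

# Constructed input: the question's configuration with its placeholder values.
QUESTION_CONFIG = json.loads("""
{
  "identity-provider-name": "Google Identity Provider",
  "auth-server-url": "https://accounts.google.com/o/oauth2/auth",
  "authorization-endpoint": "https://accounts.google.com/o/oauth2/auth",
  "token-endpoint": "https://oauth2.googleapis.com/token",
  "jwks-endpoint": "https://www.googleapis.com/oauth2/v1/certs",
  "userinfo-endpoint": "https://www.googleapis.com/oauth2/v1/userinfo",
  "resource": "client id",
  "credentials": {"secret": "secret key"},
  "additional-scopes": "email profile",
  "principal-attribute": "email",
  "group-mapping-claim": "as_user oauth"
}
""")


def check_google_oidc_config(cfg):
    """Return (level, message) findings; level is 'required' or 'differs'."""
    findings = []
    # The reply names this key as the one Google needs.
    # Assumption: both parameters from the sample value are checked.
    extra = cfg.get("additional-authorization-endpoint-parameters", "")
    given = parse_qs(extra.lstrip("&"))
    for name in ("prompt", "access_type"):
        if name not in given:
            findings.append(("required", f"authorization parameter '{name}' not set"))
    # Assumption: auth-server-url is the provider's base URL, as in the sample.
    if urlparse(cfg.get("auth-server-url", "")).path not in ("", "/"):
        findings.append(("differs", "auth-server-url is an endpoint path, not the base URL"))
    # Keys the sample does not use are reported for review, not as errors.
    for key in sorted(set(cfg) - SAMPLE_KEYS):
        findings.append(("differs", f"key '{key}' is not in the sample"))
    return findings


if __name__ == "__main__":
    for level, message in check_google_oidc_config(QUESTION_CONFIG):
        print(f"{level:8} {message}")
```

Findings marked "differs" only point out where a file departs from the sample; the thread does not say those differences cause the 403.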
Hi @sayu
I hope you managed to tweak the configuration and got it to work.
Do let us know if you needed any additional changes, or should you still have problems.
Kind regards
Marvin
sayu
December 21, 2021, 5:58am
I really appreciate your help in resolving the problem.
I have an additional question.
Is it possible for KNIME Server to use only OAuth that does not support OpenID Connect? I saw KNIME Server automatically adds openid to the scope parameter.
Hi @sayu
No, we do require OpenID Connect. Is there a reason you need to use OAuth only? Google should work just fine as an authentication provider.
Kind regards
Marvin