In KNIME, when connecting to an Azure PostgreSQL DB via the PostgreSQL Connector node, the options seem to be Credentials, UN/PW, or Kerberos (?). UN/PW works fine.
On Azure, the options are:
PostgreSQL authentication only (which works for KNIME’s UN/PW)
Microsoft Entra authentication only
PostgreSQL and Microsoft Entra authentication
How can we leverage the 2nd or even 3rd option with KNIME? The process for creating Entra app registrations and obtaining secrets is clear - but I don’t see how a Microsoft Connector node can output into one of the 3 options needed by the PostgreSQL node.
sorry for the long silence. I’m afraid it is not supported to use the Microsoft Authenticator node to authenticate a connection to Postgres.
This requires an additional Azure specific identity extension.
I haven’t tested this but only extracted this information from the Microsoft documentation:
You could try to create a Jar file that contains all the required libraries e.g. via Online Maven download tool and the provided XML file. Once you have the jar file you register it as a custom Postgres driver in KNIME. You can then select the driver in DB Connector node and use the following URL jdbc:postgresql://${AZ_DATABASE_SERVER_NAME}.postgres.database.azure.com:5432/${AZ_DATABASE_NAME}?sslmode=require&authenticationPluginClassName=com.azure.identity.extensions.jdbc.postgresql.AzurePostgresqlAuthenticationPlugin
For authentication select Username and enter ${YOUR_POSTGRESQL_USERNAME}@${AZ_DATABASE_NAME}. For more details on the different configurations see this documentation.
Edit: got the connection going. Realizing that this is not exactly Hub-friendly (requires local machine to CLI an Azure token). I understand workflow-level secrets are not available on KNIME hub (to store Entra app secret), so I will try to API this part in and hopefully be in a position to report back a more complete solution for both headless + user-based authentication.
I’m unable to get the shaded/custom driver going (which would be helpful to allow leaving password blank and enable more user-driven flow. That’s the next mission.
KNIME’s PostgreSQL Connector currently supports UN/PW, Credentials, or Kerberos, but not Microsoft Entra ID directly. To use Entra authentication, you’d need to configure a JDBC driver that supports Azure AD tokens or handle token retrieval externally and pass it through the JDBC connection string.
At present, this isn’t natively supported in KNIME, so the JDBC approach or a feature request would be the best path forward.
. Guessing a custom driver might be required to load up into the node?