failed to turn code into token

KNIME Server
1

I am user Azure Oauth to authenticate the KNIME Server , below error message i am getting

"failed to turn code into token
status from server: 401
{“error”:“invalid_client”,“error_description”:"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: e419xxxxxxxxxx00\r\nCorrelation "

My KNIME.xml file code as below

<Manager pathname=""/>
    
<Parameter name="com.knime.server.repository" override="false" value="D:\KNIME\knime_server\workflow_repository"/>
    
<ResourceLink global="H2UserDatabase" name="H2UserDatabase" type="javax.sql.DataSource"/>
     
<Valve className="com.knime.enterprise.tomcat.authenticator.KnimeServerAuthenticator" enableSpnego="false" basicAuthPaths="/rest"

formAuthPaths="/" secretKey=“xxxxxxxxx” enableOAuth=“true” enableBasicAuthWithOAuth=“false”/>

My KNIME ODIC config.json file setting details below
{
“identity-provider-name”: “Azure”,
“auth-server-url”: “Sign in to your account”,
“resource”: “xxxxxxxxxxx”,
“credentials”: {
“secret”: “xxxxxxxxx”

},
“additional-authorization-endpoint-parameters”: “&additional-parameter=some-value&some-other-parameter=some-value”,
“additional-scopes”: “additional-scope another-scope”,
“principal-attribute”: “claim-used-for-principal-mapping”,
“minimal-access-token-parsing”:“true”,
“allow-opaque-access-token”:“true”,
“treat-access-token-as-opaque”:“true”
}

2

Hi @rvrs ,

From the error message it shows as “Invalid client secret is provided”. Please reconfigure your oidc.config.json file to reflect the proper value.

Make sure you have copied client secret value and not the client secret ID.

image
image1819×821 98.3 KB

Please let me know if this helps.

Thanks,
Zack

3

Hi Knime Team,
It is not working , even i regenerated new secret in azure and integrated with KNIME server .

4

Error details

Calling hasUserDataPermission()

26-Jul-2021 07:43:10.405 FINE [http-nio-8080-exec-3] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions

26-Jul-2021 07:43:10.405 FINE [http-nio-8080-exec-3] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()

26-Jul-2021 07:43:10.405 FINE [http-nio-8080-exec-3] com.knime.enterprise.tomcat.authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode checking state cookie for after code

26-Jul-2021 07:43:10.405 FINE [http-nio-8080-exec-3] com.knime.enterprise.tomcat.authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode Redirect URI for code to token exchange: https://xxxx.com/knime/

26-Jul-2021 07:43:10.766 SEVERE [http-nio-8080-exec-3] com.knime.enterprise.tomcat.authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode failed to turn code into token

26-Jul-2021 07:43:10.766 SEVERE [http-nio-8080-exec-3] com.knime.enterprise.tomcat.authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode status from server: 401

26-Jul-2021 07:43:10.766 SEVERE [http-nio-8080-exec-3] com.knime.enterprise.tomcat.authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode {“error”:“invalid_client”,“error_description”:“AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 48b9b272-0280-41b7-8bbb-8c3b71055600\r\nCorrelation ID: b99f0e42-adf5-4f76-a517-0b84e3bb1224\r\nTimestamp: 2021-07-26 07:43:10Z”,“error_codes”:[7000215],“timestamp”:“2021-07-26 07:43:10Z”,“trace_id”:“48b9b272-0280-41b7-8bbb-8c3b71055600”,“correlation_id”:“b99f0e42-adf5-4f76-a517-0b84e3bb1224”,“error_uri”:“https://login.microsoftonline.com/error?code=7000215”}

5

Hi KNIME team

Can you share whole steps need to be done in AZURE AD (Setting perspective )
what are the parameters , need to be add in KNIME server

6

Hey @rvrs ,

Would you mind submitting a ticket to our support@knime.com email? This way we can set up a zoom call off of this thread, as it may be more environment related than KNIME at the moment. I’ll pick it up and we can set something up.

Thanks,
Zack