We are not allowed to pull extensions from the normal KNIME location due to company rules. We have been downloading the extension zip files and setting up an internal repository using anonymous access. The company now want the repository to require authentication, ID/ Password, Active Directory, Okta or some other authentication mechanism.
I have been searching the forum and documentation but I cannot find a way to set up any kind of authentication on the extension installation. Any ideas?
Hi
Repository sth like Github?
I assume this would be handled outside of KNIME (rather like a website login / request access to the specific file / file location
br
Even if the user has authenticated on a session, when KNIME pulls the extension it looks like a new session and has to be authenticated. Something like Okta wants to send a web page to request an MFA authorization but the web page never appears because the session is under KNIME. Something like Nexus wants and ID/PSW and having the user authenticate also does not work for the KNIME extension session.
@StevenLauretti
@kevweath
not sure if it helps but it seems to be possible to install extensions from predownloaded zip files
br
Hi Daniel,
Yes, we have downloaded the zip files and have them loaded up internally. Currently the system is working in anonymous mode but our IS security wants authentication to be enabled and we are having trouble getting the sessions to install extensions to authenticate.
The extension download mechanism supports update sites that require BASIC authentication - the kind of authentication that pops up a login windows in your browser. The same will happen in KNIME, a login popup will appear. Any other kind of authentication, especially MFA, are not supported.
Don’t know if this over-complicates the situation.
Have you/ your IT department considered putting the internal repository on its own VPN (virtual private network). Anyone that requires access to the server would then need to establish a connection to the VPN to access the server. Authentication and logging would then be managed at the VPN level rather than on the server.It’s not pretty, but provides security and isolation.
DiaAzul
LinkedIn Profile
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.