KNIME OpenID Connect: a few configuration steps left

Hello,

Previously, when authenticating via OpenID and being redirected to the Apache web server, we got this error message:
The redirect URI xy specified in the request does not match the redirect URIs configured for the application
because the redirect URL of Apache started with http, not https.

We solved this problem by redirecting to the knime-server url:
https://knime-server:8443/knime_cloud/webportal

The KNIME WebPortal showed a connect button instead of the user/password fields. With the right MS account and password
the logon was successful, but the KNIME page complained:

Something went wrong!
Sorry, it looks like you tried to access something you need additional permissions for. <403>

Could you please give further guidance on how to configure this correctly?

Greetings B.Kochs

auth.2024-10-17.log:
17-Oct-2024 16:20:02.773 FINE .authenticator.KnimeServerAuthenticator.doAuthenticate Using KnimeOAuthAuthenticatorValve authenticator for path /
17-Oct-2024 16:20:02.773 FINE .authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode checking state cookie for after code
17-Oct-2024 16:20:02.774 FINE .authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode Redirect URI for code to token exchange: “https://knime-server:8443/knime_cloud/
17-Oct-2024 16:20:02.921 FINE .authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode Verifying tokens
17-Oct-2024 16:20:02.921 FINEST .authenticator.oidc.KnimeOAuthRequestAuthenticator.logToken access_token: 123456
17-Oct-2024 16:20:02.922 FINEST .authenticator.oidc.KnimeOAuthRequestAuthenticator.logToken refresh_token: null
17-Oct-2024 16:20:02.922 FINE .authenticator.oidc.KnimeAdapterTokenVerifier.verifyTokens Parsing full access token for verification.
17-Oct-2024 16:20:02.923 SEVERE .authenticator.oidc.KnimeOAuthRequestAuthenticator.resolveCode failed verification of token: Invalid token signature
17-Oct-2024 16:20:02.984 FINE .authenticator.KnimeServerAuthenticator.invoke Not subject to any constraint
17-Oct-2024 16:20:03.037 FINE .authenticator.KnimeServerAuthenticator.invoke Not subject to any constraint
17-Oct-2024 16:20:03.038 FINE .authenticator.KnimeServerAuthenticator.invoke Not subject to any constraint


apache-tomcat-9.0.58/conf/Catalina/localhost/knime-oidc-config.json:
{
"identity-provider-name": "AzureAD/CAIMAN",
"auth-server-url": "https://login.microsoftonline.com/a5e6c6bd-17f0-4980-be25-49bcd5c558ae/v2.0",
"resource": "3xyxyxyx",
"authorization-endpoint": "Sign in to your account",
"allow-opaque-access-token": "true",
"credentials": {
"secret": "xyxyxyxy"
},
"redirect-rewrite-rules": {
"^(http:)(.*)$" : "https://\2"
}
}


Hi @b_kochs ,

Would you mind submitting this information to support@knime.com as well as the support bundle/auth logs so that we can take this off of the forum as there may be sensitive data in some of your configuration files, and you should have enterprise support if you have an active KNIME Server license. I’ll pick the case up there and we can continue troubleshooting through our ticketing system.

Thanks,
Zack
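
One way to scrub an auth log and OIDC config like the excerpts above before attaching them to a post or ticket, as an added example that is not part of the original posts and not KNIME tooling. The log labels and config key names are taken from the excerpts in this thread; the sample input and the placeholder strings are constructed.

```python
import re

# Token lines as written by ...KnimeOAuthRequestAuthenticator.logToken at FINEST level;
# a literal "null" carries no secret and is kept for troubleshooting.
TOKEN_LINE = re.compile(r"\b(access_token|refresh_token): (?!null\b)\S+")
# Config keys whose values were masked in the posted knime-oidc-config.json.
# Straight and typographic quotes are both accepted, since pasted config may carry either.
KEY_VALUE = re.compile(r'(["“”](?:secret|resource)["“”]\s*:\s*["“”])[^"“”]*(["“”])')
# Anything that looks like a compact JWT (base64url header starting with "eyJ").
JWT = re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]*")
# GUIDs, e.g. the tenant id embedded in the auth-server-url.
GUID = re.compile(r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b")


def redact_line(line):
    """Mask tokens, client credentials and GUIDs in one log or config line."""
    line = TOKEN_LINE.sub(r"\1: <redacted>", line)
    line = KEY_VALUE.sub(r"\1<redacted>\2", line)
    line = JWT.sub("<redacted-jwt>", line)
    return GUID.sub("<redacted-guid>", line)


def redact(text):
    """Return (scrubbed text, number of lines that were changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        new = redact_line(line)
        changed += new != line
        out.append(new)
    return "\n".join(out), changed


# Constructed sample in the format of the excerpts above (all values are made up).
SAMPLE = """\
17-Oct-2024 16:20:02.921 FINEST .authenticator.oidc.KnimeOAuthRequestAuthenticator.logToken access_token: eyJhbGciOi.eyJzdWIiOi.c2lnbmF0dXJl
17-Oct-2024 16:20:02.922 FINEST .authenticator.oidc.KnimeOAuthRequestAuthenticator.logToken refresh_token: null
"auth-server-url": "https://login.microsoftonline.com/00000000-1111-2222-3333-444444444444/v2.0",
"secret": "constructed-client-secret"
"""

if __name__ == "__main__":
    scrubbed, count = redact(SAMPLE)
    print(scrubbed)
    print(f"{count} line(s) redacted")
```

Review the scrubbed output by eye before sharing; pattern-based redaction only catches the value shapes it was written for.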
