Knime Server integration with Azure AD

I’m trying to integrate Knime Server (4.11) with Azure AD. This is my current configuration:

```xml
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://domain.onmicrosoft.com"
       roleBase="ou=AADDC Users,dc=domain,dc=onmicrosoft,dc=com"
       roleName="cn"
       userRoleName="memberOf"
       roleSearch="(member={0})"
       userPattern="uid={0}@domain.onmicrosoft.com"
       userBase="cn=Users,dc=domain,dc=onmicrosoft,dc=com"
       userSearch="(&lt;(objectClass=user)(sAMAccountName={0}))"
       connectionTimeout="60"
       debug="99"/>
```

When I try to log in I get an invalid login. I checked the logs, and they say:

LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]

My password is right; I have checked it several times. Does anyone have any suggestion as to what might be wrong?

Hello @oerhahon,

Can you please attempt the advanced troubleshooting section in this guide:

Please install the recommended tool and let us know if you are able to successfully connect there using your credentials.

Thanks,
Zack

Yes, I have used the tool, but it is still not authenticating the user.

Hi @oerhahon,

If you are not able to authenticate using the tool then you will not be able to via Knime either. Please contact your network administrators to get assistance with getting logged in first via that tool and then please let us know if you are still having issues.

Thanks,
Zack

I can authenticate to the tool, and I went through the steps in your troubleshooting guide, but still I can’t log into Knime.

Hi @oerhahon,

Can you answer a few more questions to help us narrow down the root cause:

  1. Are you behind any firewalls/VPNs when attempting to authenticate?
  2. Are any other users experiencing the same issue?
  3. Are you using any type of two-factor auth?
  4. Can you please let us know what Java version you are using? We discovered a bug with Java 8 Update, Version 272, that happens to break LDAP authentication in Tomcat.

Thanks,
Zack

  1. Are you behind any firewalls/VPNs when attempting to authenticate? No.
  2. Are any other users experiencing the same issue? Yes.
  3. Are you using any type of two-factor auth? Yes, Azure AD MFA is enabled.
  4. Can you please let us know what Java version you are using? We discovered a bug with Java 8 Update, Version 272, that happens to break LDAP authentication in Tomcat. Version 282.

Hi @oerhahon,

Are you using Azure AD Domain Services or Azure AD OAuth?
Can you provide us with either the nodes you are trying to connect with, or the workflow that you are attempting to run that is throwing errors, or the error you see when attempting to log into the WebPortal?
What account were you using to bind to the LDAP server with the suggested auth tool? Was it the same as your current user you are receiving the errors with or an admin account?

What type of bind are you using to connect to your AD server?

What type of Knime Server are you using? Small, Med, Large?

Thanks,
Zack

@oerhahon,

Have you had a chance to gather any of the requested info? Checking in to see if you still need assistance with this issue.

Thanks,
Zack