KNIME Server OpenID Connect with code flow

Hi,

We are using KNIME 4.11.0, and we want to configure KNIME Server to use OpenID Connect against an IDM service. From the documentation here, it seems that KNIME can be configured for Credential flow only, whereas the IDM (Azure AD) supports code + id_token (link).
When we try to run the KNIME Server with the configured endpoints, it fails to authenticate, complaining: "Access token is opaque, but the configuration does not allow opaque access tokens".
Scenarios we have tested:
“GET KNIME Server URL with a valid token in the Authorization header” - gets a 200 OK response.
“Hitting KNIME Server from the browser” - goes through the authentication flow, and fails with the message above.

So my question is -
Is there a way to configure KNIME to use code flow in OpenID Connect?

Hi @schitranshi,
The error message KNIME Server gives you means that it gets a token that seems not to be a valid JWT, so the server cannot validate it by itself. You can enable it via the setting allow-opaque-access-token="<true|false>" (found in the link you posted). That makes the server not validate the token and use the userinfo endpoint for verification.
Kind regards,
Alexander
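
An added example, not part of the original posts and not KNIME's own code: a structural check that tells whether an access token captured from the failing browser flow has the three-part JWT form or is opaque, and lists the claims a local validator would look at. How KNIME Server itself makes this decision is not stated in the thread; the function names, sample tokens, issuer and audience below are constructed for illustration.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url segment and parse it as a JSON object, else None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None


def classify_access_token(token):
    """Structural check only: no signature, issuer or expiry is verified here."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {"kind": "opaque",
                "reason": f"{len(parts)} segment(s); JWT compact form needs 3"}
    header = _b64url_json(parts[0])
    if header is None or "alg" not in header:
        return {"kind": "opaque", "reason": "no JSON header carrying 'alg'"}
    claims = _b64url_json(parts[1])
    if claims is None:
        return {"kind": "opaque", "reason": "payload is not a JSON object"}
    # Claims a resource server would normally check after verifying the signature.
    return {"kind": "jwt", "alg": header["alg"],
            "iss": claims.get("iss"), "aud": claims.get("aud"),
            "exp": claims.get("exp")}


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed samples (assumptions), not tokens from any real identity provider.
SAMPLE_JWT = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://idp.example/", "aud": "knime-server-example",
             "exp": 1700000000}),
    "c2lnbmF0dXJl",  # placeholder signature bytes, never verified here
])
SAMPLE_OPAQUE = "Z0FBQUFBconstructedOpaqueTokenValue"

if __name__ == "__main__":
    for name, tok in (("jwt", SAMPLE_JWT), ("opaque", SAMPLE_OPAQUE)):
        print(name, classify_access_token(tok))
```

If the token from the browser flow classifies as opaque while the one used in the successful GET request classifies as a JWT, the two flows are being issued different token types, which matches the two test scenarios in the question.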

Hi @schitranshi,
Were you able to resolve the issue?
Kind regards,
Alexander