SSO authentication logged user info

Hi All,

In our KNIME server I set up SSO authentication documentation, the Identity Provider in Azure. Everything is working as expected. The user able to log into the KNIME webportal if has access to the Azure application. But I would like to retrive the logged user info eg: email, name. The workflow.user is a hashcode generated by the Azure, I guess. The Azure has an endpoint to get the user information but for that I need the access token.

Is it possible to retrive the logged user’s email?


Hi @zpal

Generally, the authenticator talks to the userinfo endpoint of your identity provider. There is a configurable parameter that can be used for the username mapping:

"principal-attribute": "claim-used-for-principal-mapping"

You should make sure that Azure provides the claim that you want to use, you might have to set additional scopes with this parameter:

  "additional-scopes": "additional-scope another-scope"

Both need to be entered into the knime-oidc-config.json.

So if you want to map a user’s email you would have to add the following to your knime-oidc-config.json

"additional-scopes": "email"
"principal-attribute": "email"

If no claim is specified the server will use the “sub” claim, which probably is why you see that hashcode generated by Azure.

Question on the side: Are you using Azure AD v1 or v2?

Hope that helps



Hi Ole,

Thank you very much :slight_smile: It works, I can retrive the logged user’s email.

I am using v1, I got the information in KNIME the v2 is not working yet.



This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.