SSO authentication logged user info

Hi All,

In our KNIME server I set up SSO authentication (documentation), with the Identity Provider in Azure. Everything is working as expected. The user is able to log into the KNIME webportal if they have access to the Azure application. But I would like to retrieve the logged-in user's info, e.g. email, name. The workflow.user is a hashcode generated by Azure, I guess. Azure has an endpoint to get the user information, but for that I need the access token.

Is it possible to retrieve the logged-in user’s email?

Thanks,
Z.

Hi @zpal

Generally, the authenticator talks to the userinfo endpoint of your identity provider. There is a configurable parameter that can be used for the username mapping:

"principal-attribute": "claim-used-for-principal-mapping"

You should make sure that Azure provides the claim that you want to use; you might have to set additional scopes with this parameter:

  "additional-scopes": "additional-scope another-scope"

Both need to be entered into the knime-oidc-config.json.

So if you want to map a user’s email you would have to add the following to your knime-oidc-config.json:

"additional-scopes": "email",
"principal-attribute": "email"

If no claim is specified the server will use the “sub” claim, which probably is why you see that hashcode generated by Azure.

Question on the side: Are you using Azure AD v1 or v2?

Hope that helps

Ole

3 Likes
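
The check described in the answer above, as an added example that is not part of the original posts and not KNIME's own code: it takes a config fragment with the two keys named in the thread and a userinfo response, and reports which value would become the principal and whether the chosen claim is actually available. The function name, the sample userinfo data, the always-requested `openid` scope and the handling of a missing claim are assumptions; the scope-to-claim table is the standard one from OpenID Connect Core.

```python
import json

# Standard scope -> claims mapping from OpenID Connect Core, section 5.4.
SCOPE_CLAIMS = {
    "openid": {"sub"},
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

def check_principal_mapping(config_text, userinfo):
    """Hypothetical helper: return (principal, problems) for a config fragment."""
    config = json.loads(config_text)
    # Per the thread: with no claim configured, the "sub" claim is used.
    attribute = config.get("principal-attribute", "sub")
    # Assumption: "openid" is always requested, plus any additional scopes.
    scopes = ["openid"] + config.get("additional-scopes", "").split()
    covered = set().union(*(SCOPE_CLAIMS.get(s, set()) for s in scopes))
    problems = []
    if attribute not in covered:
        # Only a warning: an identity provider may release custom claims anyway.
        problems.append(f"no requested standard scope covers claim '{attribute}'")
    value = userinfo.get(attribute)
    if not isinstance(value, str) or not value.strip():
        problems.append(f"userinfo response has no usable '{attribute}' claim")
        value = None
    return value, problems

# Constructed sample data, not real Azure output.
USERINFO_SUB_ONLY = {"sub": "example-opaque-subject"}
USERINFO_WITH_EMAIL = {"sub": "example-opaque-subject", "email": "z.user@example.com"}

DEFAULT_CONFIG = "{}"
EMAIL_CONFIG = '{"additional-scopes": "email", "principal-attribute": "email"}'
MISSING_SCOPE_CONFIG = '{"principal-attribute": "email"}'

if __name__ == "__main__":
    cases = [("default", DEFAULT_CONFIG, USERINFO_SUB_ONLY),
             ("email mapped", EMAIL_CONFIG, USERINFO_WITH_EMAIL),
             ("scope missing", MISSING_SCOPE_CONFIG, USERINFO_SUB_ONLY)]
    for label, cfg, info in cases:
        print(label, check_principal_mapping(cfg, info))
```

The third case shows the misconfiguration the answer warns about: the principal attribute is set to `email`, but the scope that releases it was never requested.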

Hi Ole,

Thank you very much :) It works, I can retrieve the logged-in user’s email.

I am using v1; I got the information that in KNIME v2 is not working yet.

Best,
Z.

3 Likes
