snowflake-cloud-data-platform rstudio-server

Is it possible to use snowflakedb JDBC with authenticator=externalbrowser in RStudio Server?


I have a Snowflake user that can log in via Azure AD SSO. That is, we have configured in the account:

alter account set saml_identity_provider = '{
"certificate": "...",
"ssoUrl": "https://login.microsoftonline.com/..../saml2",
"type": "custom",
"label": "AzureAD"
}';
alter account set sso_login_page=TRUE;
CREATE USER userA PASSWORD = '' LOGIN_NAME = '[email protected]' DISPLAY_NAME = 'UserA';

When I use RStudio Desktop I can connect to Snowflake using:

# export JAVA_HOME=$(/usr/libexec/java_home -v 1.8) # /Library/Java/JavaVirtualMachines/amazon-corretto-8.jdk/Contents/Home
# R CMD javareconf
# R --quiet -e 'install.packages("rJava", type="source")'

install.packages(c("RJDBC", "DBI", "dplyr"))
install.packages(c("nycflights13", "Lahman"))

install.packages("devtools")
devtools::install_github("snowflakedb/dplyr-snowflakedb", force=TRUE)


library(nycflights13)
library(dplyr)
library(dplyr.snowflakedb)

options(dplyr.jdbc.classpath = "/Users/ecerulm/Downloads/snowflake-jdbc-3.12.8.jar") 

my_db <- src_snowflakedb(
  user="[email protected]",
  password=rstudioapi::askForPassword("Snowflake password"),
  account="tele2",
  host="xxxxx.eu-west-1.snowflakecomputing.com",
  opts=list(db="MYDB", authenticator="externalbrowser"))

In RStudio Desktop this triggers a browser (Google Chrome) popup that performs the single sign-on toward the Microsoft IdP.

When I try the same thing in RStudio Server I get

Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...
Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...
Error in .jcall(drv@jdrv, "Ljava/sql/Connection;", "connect", as.character(url)[1],  : 
  java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11.XToolkit

This is obviously trying to open the browser on the RStudio Server physical machine, which won't work.

Is there any way to make the browser-based authentication take place at the user's browser and be forwarded to RStudio Server?


Solution

  • Is there any way to make the browser-based authentication take place at the user's browser and be forwarded to RStudio Server?

    No, the browser use and authenticated redirects will always be performed locally as required by the standard implemented.

    For server-deployed (headless) applications that connect as a Snowflake client using your Azure AD account, use Snowflake's External OAuth capabilities:

    External OAuth integrates […] OAuth 2.0 server to provide a seamless SSO experience, especially for programmatic client applications connecting to Snowflake.

    A dedicated section detailing an OAuth setup for Microsoft Azure AD is available in their documentation.

    Other alternatives are to use passwords, or a key-pair.
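
A sketch of the External OAuth route from R on a headless host. This is an added example, not code from the question, the answer, or Snowflake's documentation. It uses RJDBC directly rather than dplyr.snowflakedb and relies on the JDBC driver's `authenticator=oauth` and `token` connection properties. The environment variable names `SNOWFLAKE_OAUTH_TOKEN` and `SNOWFLAKE_JDBC_JAR` and the function name are assumptions, and the access token is assumed to have been issued by Azure AD for an External OAuth integration already configured in the account.

```r
library(DBI)
library(RJDBC)

# Added example. snowflake_connect(), SNOWFLAKE_OAUTH_TOKEN and
# SNOWFLAKE_JDBC_JAR are hypothetical names chosen for illustration.
snowflake_connect <- function(host, db, user = "",
                              jar = Sys.getenv("SNOWFLAKE_JDBC_JAR")) {
  drv <- JDBC("net.snowflake.client.jdbc.SnowflakeDriver", classPath = jar)
  url <- sprintf("jdbc:snowflake://%s/?db=%s", host, db)

  # Read the token from the environment so it never lands in scripts,
  # .Rhistory, or a JDBC URL that might be logged.
  token <- Sys.getenv("SNOWFLAKE_OAUTH_TOKEN")
  if (nzchar(token)) {
    # Extra named arguments are passed to the driver as connection
    # properties; with oauth the token identifies the user.
    return(dbConnect(drv, url, authenticator = "oauth", token = token))
  }

  # No token available: externalbrowser only works where the JVM can
  # open a local browser, so refuse early on RStudio Server instead of
  # failing inside the driver with the XToolkit error.
  on_server <- rstudioapi::isAvailable() &&
    identical(rstudioapi::versionInfo()$mode, "server")
  if (on_server) {
    stop("RStudio Server session: set SNOWFLAKE_OAUTH_TOKEN to an ",
         "External OAuth access token; externalbrowser cannot run here.")
  }

  dbConnect(drv, url, user = user, authenticator = "externalbrowser")
}

# Usage (host is the placeholder from the question):
# con <- snowflake_connect("xxxxx.eu-west-1.snowflakecomputing.com", "MYDB",
#                          user = "<login name>")
# dbGetQuery(con, "select current_user()")
```

Access tokens are short-lived, so the session needs a way to refresh the variable; avoid persisting the token in `.Renviron` on a shared server.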