Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSO profiles not supported #70

Closed
thyming opened this issue Oct 21, 2022 · 10 comments
Closed

SSO profiles not supported #70

thyming opened this issue Oct 21, 2022 · 10 comments

Comments

@thyming
Copy link

thyming commented Oct 21, 2022

Driver version

2.1.0.9

Problem description

  1. Expected behaviour: I can use a profile configured with AWS SSO to get credentials.
  2. Actual behaviour: There's a vague error, but I see from the logs that it cannot read access keys.
  3. Error message/stack trace:
  4. Any other details that can be helpful:
    Based on AWS docs, this is expected with the redshift client version this library is using.

JDBC trace logs

Reproduction code
@Brooke-white
Copy link
Contributor

Hi @thyming , could you please share the following to help us troubleshoot

  1. Code snippit showing how you're establishing the connection
  2. Driver logs

My apologies for the delay in response.

@thyming
Copy link
Author

thyming commented Nov 11, 2022 via email

@shaohong
Copy link

shaohong commented Dec 10, 2022
edited
Loading

@Brooke-white in the pom.xml, the driver still depends on the AWS SDK for Java 1.x. The 2.x libraries are using a different groupID like 'software.amazon.awssdk'

According to AWS documentation: https://docs.aws.amazon.com/sdkref/latest/guide/feature-sso-credentials.html
the SSO credential mechanism is only supported in AWS SDK for Java 2.x libraries.

This is also noticable if I download the all-in-one zip file from https://docs.aws.amazon.com/redshift/latest/mgmt/jdbc20-download-driver.html after extraction all the dependencies are java 1.x sdk, such as 'aws-java-sdk-core-1.12.251.jar'

@Brooke-white
Copy link
Contributor

thanks for sharing this info, @shaohong. The Redshift JDBC is still using AWS SDK for Java 1.x. pinging @bhvkshah on this so we can raise this (use of AWS SDK 2.x) with the team.

@bhvkshah
Copy link
Contributor

Hi @thyming , while we will not be pursuing this issue in the near future, upgrading to use aws-sdk 2.x is part of our long term roadmap. We have decided to close it for now. It will be reopened when we come back to this issue. The Redshift Driver team appreciates your contribution and thanks you for bringing this to our attention!

@thyming
Copy link
Author

thyming commented Mar 29, 2023

What about taking an approach like aws/aws-sdk-java#2434 (comment)

@bhvkshah
Copy link
Contributor

Let me take a look and get back to you. We do plan on starting the migration to v2 sdk soon, so the efforts may be redundant.

@Limess
Copy link

Limess commented May 5, 2023
edited
Loading

We used the approach above in other services/libraries and it was a very low-effort way of resolving the SSO issue which would be easy to swap out when migrating to the V2 SDK.

@thyming
Copy link
Author

thyming commented Aug 25, 2023

@bhvkshah any update on this?

@mike-wilson-tubi
Copy link

This issue appears to be biting us as well. I have to delete the credentials file using SSO or else my JDBC connections would fail. The error indicates that the JDBC driver is deferring to the credentials file over the config file even if it is empty. I have to delete it altogether for connections to force the driver to use the config file properties.

Any update on this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@shaohong @thyming @Limess @Brooke-white @mike-wilson-tubi @bhvkshah