SSO error for Dremio connection

Hi,

I am trying to configure SSO for Dremio connection.
I have this error:
“ERROR c.d.d.server.GenericExceptionMapper - Unexpected exception when processing GET https://localhost:443/apiv2/login/sso/?redirect=%2F : java.lang.NullPointerException”

Could you help me?

Regards,

You would have to share your config file for us to see why. Since it may contain private information, feel free to open a support ticket since SSO is only available in Enterprise Edition.

I confirm, I’m using Enterprise Edition.
My oauth.json file is:

  {
    "clientId": "dremio-dev",
    "clientSecret": "******************",
    "redirectUrl": "https://dremio-pf.dev.echonet:10443/sso",
    "authorityUrl": "https://websso.xx.xx/affwebservices/CASSO/oidc/dremio-dev/authorize",
    "scope": "openid profile email",
    "jwtClaims": {
      "userName": "preferred_username"
    }
  }

But it seems I have a bad redirection because I don’t have any communication with the WebSSO infrastructure.

The value in authorityUrl is assumed to use OAuth 2 standard endpoints, so we would connect to:

https://websso.xx.xx/affwebservices/CASSO/oidc/dremio-dev/authorize/oauth2/v2.0/authorize
and
https://websso.xx.xx/affwebservices/CASSO/oidc/dremio-dev/authorize/oauth2/oauth2/v2.0/token

If your IDP does not conform, you can manually configure the two URLs in oauth.json instead of using authorityUrl:

  "authorizationUrl": "",
  "accessTokenUrl": "",
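
An added example, not part of the thread and not Dremio code: a small Python check for an oauth.json that flags the situation described in the reply above (an authorityUrl that is already an endpoint, or explicit endpoint URLs left empty) and decodes the error parameters an IdP sends back to the /sso callback. The helper names and the example host names are hypothetical; the authorize suffix is the one quoted in the reply.

```python
from urllib.parse import urlsplit, parse_qs

# Suffix the reply above says is appended to authorityUrl for the authorize endpoint.
AUTHORIZE_SUFFIX = "/oauth2/v2.0/authorize"

# Constructed sample configs (placeholder hosts, same shape as the oauth.json in the thread).
SAMPLE = {
    "clientId": "dremio-dev",
    "redirectUrl": "https://dremio.example:10443/sso",
    "authorityUrl": "https://idp.example/oidc/dremio-dev/authorize",
    "scope": "openid profile email",
}
EXPLICIT = {
    "clientId": "dremio-dev",
    "redirectUrl": "https://dremio.example:10443/sso",
    "authorizationUrl": "https://idp.example/oidc/dremio-dev/authorize",
    "accessTokenUrl": "https://idp.example/oidc/dremio-dev/token",
    "scope": "openid profile email",
}
# Constructed callback request target, modelled on the access.log line format.
SAMPLE_CALLBACK = ("/sso?error=invalid_scope&error_description="
                   "L%27%C3%A9tendue+est+manquante+ou+non+valide.&state=x")

def lint_oauth_config(cfg):
    """Return a list of findings for a parsed oauth.json dict."""
    findings = []
    authority = cfg.get("authorityUrl")
    explicit = [cfg.get("authorizationUrl"), cfg.get("accessTokenUrl")]
    if not authority and not all(explicit):
        findings.append("set authorityUrl, or both authorizationUrl and accessTokenUrl")
    if authority and urlsplit(authority).path.rstrip("/").endswith(("/authorize", "/token")):
        # The value is already an endpoint, so the derived URL doubles the path.
        findings.append("authorityUrl is already an endpoint; derived authorize URL: "
                        + authority.rstrip("/") + AUTHORIZE_SUFFIX)
    for key in ("authorityUrl", "authorizationUrl", "accessTokenUrl", "redirectUrl"):
        url = cfg.get(key)
        if url and urlsplit(url).scheme != "https":
            findings.append(key + " is not https")
    if "openid" not in (cfg.get("scope") or "").split():
        findings.append("scope does not include openid")
    return findings

def callback_error(request_target):
    """Decode error and error_description from a /sso callback request target."""
    query = parse_qs(urlsplit(request_target).query)
    return {k: query[k][0] for k in ("error", "error_description") if k in query}
```
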

Hi,
I configured the oauth file with your settings.
Now I communicate with the webSSO platform, but I have a 401 error:

GET https://dremio-pf.dev.echonet:10443/apiv2/login/?nocache=1646305521299
État 401 Unauthorized

and

error: invalid_scope
error_description : L’étendue est manquante ou non valide.
state: -{-“sessionId-”:-“322797d4-6f93-499c-b9f6-94cbf8a31597-”-,-“uiRedirectUrl-”:-"/-"-}

The invalid_scope error is coming from your SSO provider, you would have to read their documentation for the scopes that need to be set (in oauth.json).

Hi,

We find no error in the SSO provider configuration.
Is it possible to enable debug mode in Dremio to track traffic with my SSO provider?

Edge Log:
TARGET: -SM-HTTPS://websso–.stagin.com/affwebservices/secure/secureredirect/pprod_low?scope=openid+profile+email&response_type=code&readOnly=true&state=-{-“sessionId-”-:-“f22e796e–7bce–4590–86b8-”-,-“uiRedirectUrl-”-:-"-"-}&redirect_uri=https-:-/-/dremio–pf.staging.echonet-/sso&client_id=dremio–qual&SMPORTALURL=TrtXK2b6iDuVhIOnvGy

access.log file:
“GET /sso?error=invalid_scope&error_description=L%27%C3%A9tendue+est+manquante+ou+non+valide.&state=-%7B-%22sessionId-%22%3A-%22f22e796e-7bce-4590-86b8-037dea7484d6-%22-%2C-%22uiRedirectUrl-%22%3A-%22-%22-%7D HTTP/1.1” 200 2799 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Edg/98.0.1108.43”

Thanks

@Lance

Would you be able to send us the server.log from the coordinator right after the failure?

I send you my file by mail.