I'm trying to connect to Snowflake using SSO. I am running the following script (from here):
import snowflake.connector
ctx = snowflake.connector.connect(
user='<username>',
account='<accountname>',
authenticator='externalbrowser'
)
cs = ctx.cursor()
try:
cs.execute("SELECT current_version()")
one = cs.fetchone()
print(one[0])
finally:
cs.close()
The only change I have made is passing the authenticator='externalbrowser' argument (see this) to the connect method instead of password. (user and account cannot be left blank so I'm just putting in dummy strings).
After running the script it displays the following message but a browser tab never appears:
Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...
Not sure if this is relevant, but if I leave it for a few minutes, the script ends with the following error:
snowflake.connector.network.RetryRequest: HTTP 403: Forbidden
I have seen similar questions, but not an answer that would resolve the issue yet.
That <username> likely should be an email address. See https://community.snowflake.com or https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-use.html#setting-up-browser-based-sso
With browser-based SSO, the Snowflake-provided client (for example, the Snowflake JDBC driver) needs to be able to open the user’s web browser. For this reason, the Snowflake-provided client and the client application that uses it need to be installed on the user’s machine. Browser-based SSO does not work if the Snowflake-provided client is used by code that runs on a server.
I assume you have provided the correct user name and password. Now if you are still getting this error, make sure you access the snowflake account using the default browser (which the python program is accessing) and keep your SSO session active.
Now run your python program and it must work.
there is nothing much required and your code parameters looks good
authenticator='externalbrowser'
Related
I have a WSO2 5.10 server behind an AWS elastic load balancer. Per my original question How can I change the management console port of a wso2 is server using deployment.toml file changes , I modified the template and the server starts and correctly reflects the new management console url in the log file. When I log into it, it also indicates that I have logged in, but the browser simply redirects back to the logon page. Further, the original carbon management url is still active and functional. For example, logon.domain.com is the host name, idp.domain.com is the management url. Both display the carbon management screens, but the idp.domain.com url does not seem to function. No logs other than acknowledging the logon are apparent. This is a multi tenant setup, all of the tenant logons work fine
Any thoughts on diagnosing this would be much appreciated.
I'm troubleshooting legacy REST application used by my company (the person responsible for it's implementation is no longer with the firm, and sourcecode is being looked for) and encountered a weird issue, namely providing no auth-data results in 401 (as it should), sending username+password or token results in 403, yet opening url in chrome on my laptop (where I'm logged in to central system) gets the response I expected (file gets downloaded).
Note that all services are supposed to be linked with central AUTHserver for convinience, so my current hypothesis is that different access rights are given depending on auth method used. Is that possible? Is it proper?
I'm not sure how any of this is relevant but:
providing no auth method returns response indicating auth-method as 'negotiate'
providing one of 'standard' auth methods returns 403
using a library that supposedly implements 'negotiate' method to Python's requests (requests-negotiate) returns errors
using PowerShell $client = System.Net.WebClient; $client.Credentials = Get-Credential; client.DownloadFile(url, path) works as intended (file get's downloaded)
I want to be able to download these files from remote server (running linux, so no PowerShell) and not having to download them to my local machine and upload them to my remote workspace.
Any help/suggestions are greatly appreciated.
Apparently the service uses Windows "integrated authentication", ie. NTLM or Kerberos.
It's not straightforward to get that working on Linux, but not impossible either. You will have to join the client to the domain and get a Kerberos ticket to authenticate, which is somewhat off-topic here. Look at SPNEGO on Linux, and this question for example has some hints.
I was surprized not to be able to connect to my account through appcfg my password was right, butthe app ansered it's not.
When I change the google setting : https://www.google.com/settings/security/lesssecureapps to make Access for less secure apps enabled, it worked.
Is there something I'm missing or must i have this security hole open to be able to use appcfg?
Please notice I'm using eclipse to publish my apps, and the eclipse plugin connects with even if the accont security is safe, but calling appcfg from the command line for roll back was the operation that failed...
I thought eclipse uses the command line to upload my app? I'm obviously wrong.
So the question is: is there something I have to do to be able to have Access for less secure apps disabled and use appcfg ?
Workaround is to use an OAuth2 token instead of using password based authentication.It is more convenient.
just add the option --oauth2 before the update, you get a key which you paste in for appcfg
I recommend you to try uploading your GAE app from the command line by:
Open CMD
Going to the GAE \ BIN directory
Enter the following command:
appcfg.exe update PATH_YOUR_APP_WAR
After that you will be required to enter your GAE email address and password, that's it
Hi I am currently writing a Test script for an ecommerce site using Seleneium IDE, this is in a testing environment in HTTP. The issue I am having is the test payment gateway 3D Secure is in HTTPS so when using FireFox the browser displays the security warning message when I am returning from the payment gateway 3D Secure HTTPS to the site testing environment.
'Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?'
I have tried the various commands in the IDE for waitForAlert* and asertAlert* but this javascript alert just seems to over ride any of the commands I use and essentially halts the script until manual intervention is used.
I am unable to turn this particular alert off in FF from what I can assertain from various forums as it is too important to be switched off, I have tried in FF about:config
I can obviusly switch the 3D secure off to allow thee script to run, but I would prefer a complete user scenario to be tested as opposed to a test adapted to suit automation.
Many thanks in advance for your time and assistance.
I had exactly the same problem :
I use Selenium web driver to test against my local http server which sends redirects to https service (3DS as well btw ;). The problem is not with certs, but with this hardcoded warning of switching between https/http.
Based on the link from MacGyver's answer and this answer Key press in (Ctrl+A) Selenium WebDriver, I tested this and I can confirm it closes "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party" dialog:
Alert alert = driver.switchTo().alert();
alert.accept();
The other solution, seems to work fine but you'll get UnhandledAlertException with latest Selenium versions (e.g. 2.25.0) :
Actions a = new Actions(driver);
a.sendKeys(Keys.ENTER).perform();
Option #1:
The easiest way is to remove the option in security options for your profile:
http://forums.mozillazine.org/viewtopic.php?f=38&t=665552
Option #2:
Not sure if this applies to an untrusted certifiate or your security warning, but the forum thread seemed to fit. It requires that you use Selenium RC Server.
Profiles are stored here for Firefox: %APPDATA%\Mozilla\Firefox
Profiles can be edited: http://www.dennisplucinik.com/blog/2011/02/04/how-to-install-run-multiple-firefox-versions-in-windows-simultaneously/
Follow the snippet below from this link:
http://old.nabble.com/Security-Warning-on-final-page,-how-to-remove-td22907376.html
If using Firefox 3, see the following post https://developer.mozilla.org/En/Cert_override.txt
The solution I use to get past this security pop-up is only applicable to Firefox 3 browsers and might be more of an hack than a fix but it works.
Run the selenium test
Select "Accept this certificate permanently" when prompted by popup
Click on the OK button (it might be neccessary to have a pause after this because we need to open explorer to find a file now)
Open Windows Explorer and navigate to => "C:\Users\xxxxxxxx\AppData\Local\Temp\customProfileDirxxxx"
This is a temparary profile created by Firefox which contains a file called "cert_override.txt"
Copy "cert_override.txt" to your temp directory
Stop your selenium server.
Open your "selenium-server.jar" file from "c:\selenium-remote-control-xxx\selenium-server-xxx" using WinRar
Drag "cert_override.txt" file into the "selenium-server.jar\customProfileDirCUSTFFCHROME" folder in WinRar (do not delete or edit anything in the .jar file!!!!!)
Close WinRar, start selenium and try it again :)
I am trying to connect to an external SOAP service using PHP and have written a small php test script that just connects to the service and performs a simple request to check everything is working.
This all works correctly but when I run via a browser request, it is very slow taking somewhere in the region of 40s to establish the initial connection. When I do the same request using the exact same script on the command line, it goes through straight away.
Does anyone have any ideas as to why this might be?
Cheers
PHP caches the wsdl in /tmp. If you run from the command line first, the cache file will be owned by whatever user you're running the script as, and apache won't be able to read the cache. The wsdl will have to be downloaded and parsed every time which will be slow.
Check the permissions of /tmp/wsdl*.
Maybe external SOAP service trying to check your IP, and your server has ICMP allowed, when your local network - not.
Anyway, this question might be answered more clearly by administrator of external SOAP service :)
Is there a difference between the php.inis that are being used?
On a standard ubuntu server installation:
diff /etc/php5/apache2/php.ini /etc/php5/cli/php.ini
//edit:
Another difference might be in the include paths. Had this trouble myself on a local test server, it didn't actually use the soap class that was included (it didn't include anything, because the search paths weren't valid), but it included the built-in soap_client class.