starred/cloudbeaver
1
0
Fork 0
mirror of https://github.com/dbeaver/cloudbeaver.git synced 2026-04-25 21:56:01 +03:00
Code Issues 212 Projects Releases Packages Wiki Activity

[GH-ISSUE #3112] SAML authentication method and AWS Identity Center #1126

New issue
Closed
opened 2026-03-07 20:59:50 +03:00 by kerem · 0 comments
kerem commented 2026-03-07 20:59:50 +03:00
Owner
Copy link

Originally created by @jonsbun on GitHub (Dec 3, 2024).
Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/3112

I am trying to configure the SAML authentication method via AWS Identity Center (formerly AWS SSO) on the CloudBeaver AWS instance.

The user can log in, but the https://aws.amazon.com/SAML/Attributes/Role attribute is not working properly and I am not sure why:

03-12-2024 07:17:39.995 [qtp2116839170-79] DEBUG i.c.a.p.aws.WebAwsAuthProvider - Try AWS authentication
03-12-2024 07:17:40.000 [qtp2116839170-79] INFO  i.c.a.p.aws.WebAwsAuthProvider - AssumeRoleWithSamlRequest:
        roleARN=arn:aws:iam::<hidden>:role/aws-reserved/sso.amazonaws.com/eu-west-2/<hidden>
        principalARN=arn:aws:iam::<hidden>:saml-provider/<hidden>
        UserId=<hidden>
03-12-2024 07:17:40.346 [qtp2116839170-79] ERROR i.c.s.servlet.FederatedAccessServlet - Error during authentication assume in 'aws'
software.amazon.awssdk.services.sts.model.InvalidIdentityTokenException: Issuer not present in specified provider (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlInvalidSamlResponseException; Request ID: 0e8d1248-1b43-4ff5-8a45-2ae4c96a4d27; Proxy: null) (Service: Sts, Status Code: 400, Request ID: 7e0a600f-9676-4ea9-aad5-67b38a8f1c0e)

Also, the User group mapping attribute option is listed in the CloudBeaver AWS SAML configuration menu. However, CloudBeaver documentation does not explain how to use this option.

Any ideas on how to solve these issues?

Originally created by @jonsbun on GitHub (Dec 3, 2024). Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/3112 I am trying to configure the SAML authentication method via AWS Identity Center (formerly AWS SSO) on the CloudBeaver AWS instance. The user can log in, but the `https://aws.amazon.com/SAML/Attributes/Role` attribute is not working properly and I am not sure why: ``` 03-12-2024 07:17:39.995 [qtp2116839170-79] DEBUG i.c.a.p.aws.WebAwsAuthProvider - Try AWS authentication 03-12-2024 07:17:40.000 [qtp2116839170-79] INFO i.c.a.p.aws.WebAwsAuthProvider - AssumeRoleWithSamlRequest: roleARN=arn:aws:iam::<hidden>:role/aws-reserved/sso.amazonaws.com/eu-west-2/<hidden> principalARN=arn:aws:iam::<hidden>:saml-provider/<hidden> UserId=<hidden> 03-12-2024 07:17:40.346 [qtp2116839170-79] ERROR i.c.s.servlet.FederatedAccessServlet - Error during authentication assume in 'aws' software.amazon.awssdk.services.sts.model.InvalidIdentityTokenException: Issuer not present in specified provider (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlInvalidSamlResponseException; Request ID: 0e8d1248-1b43-4ff5-8a45-2ae4c96a4d27; Proxy: null) (Service: Sts, Status Code: 400, Request ID: 7e0a600f-9676-4ea9-aad5-67b38a8f1c0e) ``` Also, the `User group mapping attribute` option is listed in the CloudBeaver AWS SAML configuration menu. However, CloudBeaver documentation does not explain how to use this option. Any ideas on how to solve these issues?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
devel
dbeaver/cloudbeaver#4120-support-token-header
dbeaver/pro#8978-advanced-paste
dbeaver/pro#5680-add-generation-rest-api-for-te
8961-cb-checkboxes-are-not-clickable-in-main-toolbar-dropdown-menu
dbeaver/pro#9047-cb-explain-execution-plan-ai
8328-cb-sql-query-generation-add-settings-for-the-generated-sql-window
8473-ai-confirmation
8107-cb-increase-the-contrast-of-some-elements
dbeaver/cloudbeaver#4249-session-id-rotation
dbeaver/pro#8234-udbt-only-for-admins
dbeaver/pro#9061-NPE-on-starting-RM-and-QM-applications
dbeaver/pro#8707-remove-folder-feature
dbeaver/pro#8766-migrate-to-junit5
dbeaver/pro#8711-sql-executation-plan-improvments
9048-cb-deadlock
release_26_0_3
dbeaver/pro#8044-add-api-for-database-user-preference
8839-entraid-not-working-from-within-myappsmicrosoftcom
8559-te-launch-redesign
8670-cb-multi-paste-support-in-data-editor-3
8943-cb-bump-npm-dependencies
dbeaver/pro#8655-cb-ai-functions-support
dbeaver/pro#8746-oauth
dbeaver/pro#8824-Unify-file-lock-handling-for-local-and-shared-fs
7912-db-oauth-in-te
dbeaver/pro#4158-tree-advanced-filter
dbeaver/dbeaver-devops#1604-non-root-user-25-2
dbeaver/pro#5124-fix-case-insensetive-username-in-import
3815-ctrl-z-is-unstable-lib-523-version
8894-ai-assistant-cache
dbeaver/pro#8896-Remove-added-h2_server_v3
release_26_0_2
dbeaver/pro#8392-Add-H2-driver-with-the-newest-version
8065-lsp-front-end
release_26_0_1
dbeaver/pro#7844-cb-lsp-server
dbeaver/pro#7530-csp-protection
release_26_0_0
release_25_3_5
release_25_3_4
release_25_3_3
7953-cb-ability-to-pin-rows-in-the-data-editor
devops-2221-base-java-repo
7923-cb-ws-events-are-misconfigured
release_25_3_2
release_25_3_1
release_25_3_0
release_25_2_5
dbeaver/pro#5267/auth-providers-refactoring
dbeaver/pro#6364-add-option-to-set-default-view-for-project
release_25_2_4
dbeaver/pro#5476-task-scheduler-refactor
release_25_2_3
7128-remove-deprecated-api
release_25_2_0
release_25_2_1
release_25_2_2
4569-cb-3681-use-something-better-than-md5-hash-to-pass-local-user-passwords
dbeaver/dbeaver-devops#1604-non-root-user-without-user-in-image
dbeaver/pro#6976-logging-poc
dbeaver/pro#6324-cursor-sync
dbeaver/pro#5630-add-cache-for-queries
dbeaver/pro#5574/fix/multi-query-vqb
dbeaver/pro#5802/feat/table-api
5664-cb-vscode-value-panel-support-text-format
CB-6291-build-local-script-do-not-clone-all-required-repos-for-successful-build
4288-core-fix-critical-cve-2022-0839-and-cve-2022-0839-in-liquibase-bundle
3944-model-data
4207-core-duplicate-cb-session-id-in-dc-side
chore/update-vite-assets-plugin
25.1.5
25.1.4
25.1.3
25.1.2
25.1.1
25.1.0
25.0.5
25.0.4
25.0.3
25.0.2
25.0.1
25.0.0
24.3.5
24.3.4
24.3.3
24.3.2
24.3.0
24.3.1
24.2.5
24.2.4
24.2.3
24.2.2
24.2.1
24.2.0
24.1.5
24.1.4
24.1.3
24.1.2
24.1.0
24.1.1
24.0.5
24.0.4
24.0.3
24.0.2
24.0.1
24.0.0
23.3.5
23.3.4
23.3.3
23.3.2
23.3.1
23.3.0
23.2.5
23.2.4
23.2.3
23.2.2
23.2.1
23.2.0
23.1.5
23.1.4
23.1.3
23.1.2
23.1.1
v23.1.0
v23_0_5
21.3.3
21.2.4
1.2.0
1.1.0
1.0.4
1.0.3
1.0.1b
1.0.2
1.0.1
1.0.0
Labels
Clear labels   
AS

   
can't reproduce

   
can't reproduce

   
deployment

   
development

   
documentation

   
duplicate

   
duplicate

   
ee

   
enhancement

   
external

   
new driver

   
performance

   
pull-request

Mirrored from GitHub Pull Request

  
third party issue

   
wait for response

   
wait for review

   
wontfix

   
x:Oracle

   
x:cassandra

   
x:clickhouse

   
x:db2

   
x:duckdb

   
x:greenplum

   
x:h2

   
x:h2gis

   
x:hana

   
x:hive

   
x:intersystems

   
x:kyuubi

   
x:maria

   
x:mongo

   
x:mysql

   
x:postgresql

   
x:presto

   
x:sql server

   
x:sqlite

   
x:teradata

   
x:trino

   
xf:accessibility

   
xf:administration

   
xf:ai

   
xf:authentication

   
xf:aws

   
xf:commit-mode

   
xf:connection

   
xf:dark theme

   
xf:data editor

   
xf:datatransfer

   
xf:dba

   
xf:driver management

   
xf:erd

   
xf:filters

   
xf:i18n

   
xf:i18n

   
xf:installer

   
xf:json

   
xf:kerberos

   
xf:ldap

   
xf:local config

   
xf:log viewer

   
xf:metadata

   
xf:metadata editor

   
xf:navigator

   
xf:okta

   
xf:query manager

   
xf:resource manager

   
xf:scripts

   
xf:sql editor

   
xf:tasks

   
xf:ui/uix

   
xo: Firefox

   
xo:eclipse

   
xo:internet explorer

   
xo:macos

   
xp:major

   
xrn:internal
No labels
AS
can't reproduce
can't reproduce
deployment
development
documentation
duplicate
duplicate
ee
enhancement
external
new driver
performance
pull-request
third party issue
wait for response
wait for review
wontfix
x:Oracle
x:cassandra
x:clickhouse
x:db2
x:duckdb
x:greenplum
x:h2
x:h2gis
x:hana
x:hive
x:intersystems
x:kyuubi
x:maria
x:mongo
x:mysql
x:postgresql
x:presto
x:sql server
x:sqlite
x:teradata
x:trino
xf:accessibility
xf:administration
xf:ai
xf:authentication
xf:aws
xf:commit-mode
xf:connection
xf:dark theme
xf:data editor
xf:datatransfer
xf:dba
xf:driver management
xf:erd
xf:filters
xf:i18n
xf:i18n
xf:installer
xf:json
xf:kerberos
xf:ldap
xf:local config
xf:log viewer
xf:metadata
xf:metadata editor
xf:navigator
xf:okta
xf:query manager
xf:resource manager
xf:scripts
xf:sql editor
xf:tasks
xf:ui/uix
xo: Firefox
xo:eclipse
xo:internet explorer
xo:macos
xp:major
xrn:internal
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/cloudbeaver#1126
No description provided.