[ 
https://issues.apache.org/jira/browse/HIVE-24543?focusedWorklogId=531571&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-531571
 ]

ASF GitHub Bot logged work on HIVE-24543:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 05/Jan/21 23:16
            Start Date: 05/Jan/21 23:16
    Worklog Time Spent: 10m 
      Work Description: vihangk1 commented on a change in pull request #1791:
URL: https://github.com/apache/hive/pull/1791#discussion_r552255324



##########
File path: jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
##########
@@ -896,39 +946,103 @@ private void openSession() throws SQLException {
       openReq.setPassword(sessConfMap.get(JdbcConnectionParams.AUTH_PASSWD));
     }
 
+    //TODO(Vihang): This is a bit hacky. We piggy back on a dummy OpenSession 
call
+    // to get the redirect response from the server. Instead its probably 
cleaner to
+    // explicitly do a HTTP post request and get the response.
+    int numRetry = isBrowserAuthMode() ? 2 : 1;
+    for (int i=0; i<numRetry; i++) {
+      try {
+        openSession(openReq);
+      } catch (TException e) {
+        if (isSamlRedirect(e)) {
+          boolean success = doBrowserSSO();
+          if (!success) {
+            String msg = browserClient.getServerResponse() == null
+                || browserClient.getServerResponse().getMsg() == null ? ""
+                : browserClient.getServerResponse().getMsg();
+            throw new SQLException(
+                "Could not establish connection to " + jdbcUriString + ": "
+                    + msg, " 08S01", e);
+          }
+        } else {
+          throw new SQLException(
+              "Could not establish connection to " + jdbcUriString + ": " + e
+                  .getMessage(), " 08S01", e);
+        }
+      }
+    }
+    isClosed = false;
+  }
+
+  private boolean doBrowserSSO() throws SQLException {
     try {
-      TOpenSessionResp openResp = client.OpenSession(openReq);
+      Preconditions.checkNotNull(browserClient);
+      try (IJdbcBrowserClient bc = browserClient) {
+        browserClient.doBrowserSSO();
+        HiveJdbcBrowserServerResponse response = 
browserClient.getServerResponse();
+        if (response != null) {
+          return response.isSuccessful();
+        }
+        return false;
+      }
+    } catch (Exception ex) {
+      throw new SQLException("Browser based SSO failed: " + ex.getMessage(),
+          " 08S01",

Review comment:
       I could find where to look for these standard error codes. The closest 
hit online was the 
https://docs.microsoft.com/en-us/sql/odbc/reference/appendixes/appendix-a-odbc-error-codes?view=sql-server-ver15
 which lists 08S01 as "communications like failure". I didn't see anything 
which suggests a authentication error. The closest was perhaps 28000 but I am 
not sure if this is the right place to look for these codes. Do you know where 
can I find this for JDBC?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 531571)
    Time Spent: 2h 40m  (was: 2.5h)

> Support SAML 2.0 as an authentication mechanism
> -----------------------------------------------
>
>                 Key: HIVE-24543
>                 URL: https://issues.apache.org/jira/browse/HIVE-24543
>             Project: Hive
>          Issue Type: New Feature
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 2h 40m
>  Remaining Estimate: 0h
>
> With cloud based deployments, having a SAML 2.0 based authentication support 
> in HS2 will be greatly useful in case of federated or external identity 
> providers like Okta, PingIdentity or Azure AD.
> This authentication mechanism can initially be only supported on http 
> transport mode in HiveServer2 since the SAML 2.0 protocol is primarily 
> designed for web clients.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to