duc-dn commented on issue #2373: URL: https://github.com/apache/polaris/issues/2373#issuecomment-3448642565
Hi @adutra, I created a catalog and schema in Polaris under the realm realm-external, using Keycloak as the OIDC provider. Then, I configured Trino to connect to Polaris as follows:

```
connector.name=iceberg
iceberg.catalog.type=rest
iceberg.rest-catalog.uri=http://polaris:8181/api/catalog
iceberg.rest-catalog.security=OAUTH2
iceberg.rest-catalog.warehouse=ekyc
iceberg.rest-catalog.vended-credentials-enabled=true
iceberg.rest-catalog.oauth2.credential=client1:s3cr3t
iceberg.rest-catalog.oauth2.scope=PRINCIPAL_ROLE:catalog_admin
iceberg.rest-catalog.oauth2.server-uri=http://keycloak:8080/realms/iceberg/protocol/openid-connect/token
```

However, I got the following error:

```
SQL Error [84148237]: Query failed (#20251026_153533_00003_ndads): Error listing tables for catalog iceberg_oauth2: Cannot obtain metadata
...
org.apache.iceberg.exceptions.NotAuthorizedException: Not authorized
```

I suspect the issue is that Trino cannot specify the realm (realm-external) when making requests to Polaris. I tried adding the property `iceberg.rest-catalog.http-headers.Polaris-Realm=realm-external` but it didn’t work — Trino reported that this property is not recognized.

Could you please give me some recommendations on how to resolve this issue?
