When connecting to snowflake by ODBC and SnowSQL with SSO (SAML), can I connect with IDP initiated?

0
votes

I want to access snowflake with SAML from ODBC. I can connect with internal snowflake authentication(user & password) from ODBC.

At that time, the parameter of authenticator=externalbrowzer. Nothing happens when the browser starts and I authenticate with SAML IDP.

Does authenticator=externalbrowser not work if SSO is IDP Initiated?

idp uses a custom idp.

[snowsql example]

C:\Users\testuser>snowsql -a xxx99999 --authenticator externalbrowser -u [email protected]
Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...

Similar to ODBC, nothing happens when the browser starts and I authenticate on the IDP screen.

2
odbcsamlsnowflake-cloud-data-platformsnowsql

2 Answers

0
votes

We use SAML auth and have used authenticator=externalbrowser (i assume the "z" is not a typo) as option to initiate SAML authentication. Have you tried SAML auth to connect via the UI?

0
votes

externalbrowser is an SP initiated request and definitely requires SP initiated. If you can go to the browser and login without entering an IDP initiated URL, then it sounds like SP initiated might work. Do you get a login button that says "login using SSO" or something like that with Snowflake? The client has to initiate SSO and the browser has to redirect back to "http://localhost:". Does the browser show the snowflake console or does it say something like "You're authenticated, you can close this browser"?