Using DBeaver to connect to Athena using OKTA is throwing SAML Assertion error

0

I was trying to connect to Athena using DBeaver with OKTA. When I was using the JDBC URL created based on the syntax in the AWS documentation, I experienced a SAML error like the one below:

eclipse.buildId=unknown
java.version=17.0.6
java.vendor=Eclipse Adoptium
BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_US
Framework arguments: -eclipse.keyring C:\Users\ys126681\AppData\Roaming\DBeaverData\secure\secure_storage
Command-line arguments: -os win32 -ws win32 -arch x86_64

org.jkiss.dbeaver.model
Error
Thu Aug 22 14:46:49 EDT 2024
Failed to retrieve SAMLAssertion.

java.io.IOException: Failed to retrieve SAMLAssertion.
    at com.simba.athena.iamsupport.plugin.OktaCredentialsProvider.handleSamlAssertion(Unknown Source)
    at com.simba.athena.iamsupport.plugin.OktaCredentialsProvider.getSamlAssertion(Unknown Source)
    at com.simba.athena.iamsupport.plugin.SamlCredentialsProvider.refresh(Unknown Source)
    at com.simba.athena.iamsupport.plugin.SamlCredentialsProvider.getCredentials(Unknown Source)
    at com.simba.athena.iamsupport.plugin.SamlCredentialsProvider.getCredentials(Unknown Source)
    at

Yene
asked 16 days ago, 32 views
1 Answer
0

You're encountering a SAML assertion error when trying to connect to Amazon Athena via DBeaver with OKTA authentication. This issue likely stems from incorrect configuration in the JDBC URL or OKTA setup.

Steps to Resolve:

  1. Verify OKTA Configuration: Ensure your OKTA app is correctly set up for SAML with Athena.

  2. Check JDBC URL: Double-check the format and values in your JDBC URL, ensuring all parameters like OktaAppName, OktaUsername, IdpHost, and RoleArn are correct.

  3. Use Secure Password Handling: Avoid hardcoding passwords; use environment variables or secure storage.

  4. Enable Logging: Turn on detailed logging in DBeaver to get more insights into the issue.

  5. Ensure Compatibility: Make sure your JDBC driver and DBeaver are compatible and up-to-date.

  6. Network Configuration: Ensure that your network allows connections to OKTA and AWS.

AWS EXPERT
Deeksha
answered 16 days ago
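
Steps 2 and 3 of the answer above can be checked mechanically before opening DBeaver. The following is an added example, not part of the original answer or of any AWS or Simba code: a small linter for an Athena JDBC URL that reports missing Okta properties, an `idp_host` given as a URL, and a password embedded in the URL, plus a helper that masks the password before the URL is pasted into a ticket. The property names (`AwsCredentialsProviderClass`, `idp_host`, `app_id`, `User`, `Password`/`PWD`) are assumed from the Simba driver whose classes appear in the stack trace; confirm them against the install guide for your driver version. The sample URLs are constructed.

```python
import re

# Assumed property names for the Okta plugin of the Simba Athena JDBC driver
# (the com.simba.athena... classes in the stack trace). Keys are compared
# case-insensitively. Verify against your driver's install guide.
REQUIRED = ("awscredentialsproviderclass", "idp_host", "app_id", "user")
SECRET_KEYS = ("password", "pwd")
OKTA_PROVIDER = "com.simba.athena.iamsupport.plugin.OktaCredentialsProvider"
PREFIX = "jdbc:awsathena://"


def parse_jdbc_url(url):
    """Split 'jdbc:awsathena://k=v;k=v' into a dict with lower-cased keys."""
    if not url.lower().startswith(PREFIX):
        raise ValueError("not an Athena JDBC URL")
    props = {}
    for part in url[len(PREFIX):].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            props[key.strip().lower()] = value.strip()
    return props


def lint(url):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_jdbc_url(url)
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    provider = props.get("awscredentialsproviderclass")
    if provider and provider != OKTA_PROVIDER:
        findings.append("credentials provider is not the Okta plugin")
    if "/" in props.get("idp_host", ""):
        findings.append("idp_host should be a bare host name, not a URL")
    if any(props.get(k) for k in SECRET_KEYS):
        findings.append("password is embedded in the URL")
    return findings


def redact(url):
    """Mask password values so the URL can be shared in a ticket or log."""
    return re.sub(r"(?i)\b(password|pwd)=[^;]*", r"\1=***", url)


# Constructed sample URLs (not taken from the question).
BAD = (PREFIX + "AwsRegion=us-east-1;AwsCredentialsProviderClass=" + OKTA_PROVIDER
       + ";idp_host=https://example.okta.com;User=analyst@example.com"
       + ";Password=constructed-secret")
GOOD = (PREFIX + "AwsRegion=us-east-1;AwsCredentialsProviderClass=" + OKTA_PROVIDER
        + ";idp_host=example.okta.com;app_id=CONSTRUCTED_APP_ID"
        + ";User=analyst@example.com")

if __name__ == "__main__":
    for finding in lint(BAD):
        print(finding)
    print(redact(BAD))
```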
