4

I am trying to connect with snowflake using DBT with SSO Authentication Mechanism. For this an external browser window should open for passing the credentials. To connect with snowflake I build the profile.yml file as below

test_dbt_snowflake:
  target: dev
  outputs:
    dev:
      type: snowflake
      account: ****.east-us-2.azure
      user: ****
      role: sysadmin

      # SSO config
      authenticator: externalbrowser

      database: tgt
      warehouse: compute_wh
      schema: tgt_schema
      threads: 1
      client_session_keep_alive: False

but when I try to connect it gives the below error

Running with dbt=0.17.0
For upgrading instructions, consult the documentation:
  https://docs.getdbt.com/docs/guides/migration-guide/upgrading-to-0-17-0
Found 1 model, 0 tests, 0 snapshots, 0 analyses, 136 macros, 0 operations, 0 seed files, 0 sources

Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...
Encountered an error:
Runtime Error
  Database error while listing schemas in database "tgt"
  Database Error
    390190 (08001): Failed to connect to DB: *****.east-us-2.azure.snowflakecomputing.com:443, There was an error related to the SAML Identity Provider account parameter. Contact Snowflake support.
Suzy Lockwood
  • 1,050
  • 4
  • 6
Vipendra Singh
  • 689
  • 2
  • 12
  • 26
  • I've been trying to connect using DBT and SSO, and also failed, so I tried reducing my test case to just Python and Snowflake. If I can get that working, then hopefully the dbt login issue will be solved ... https://stackoverflow.com/questions/63006556/cannot-connect-to-snowflake-using-python-connector-and-extrernalbrowser-authenti – Dan Horne Jul 21 '20 at 17:18
  • I like the idea of a simpler test case as well. Does a browser window open at all in your testing? Is your networking team able to trace the traffic at all and determine if anything (like a proxy) is involved and needs to be configured for this connection to work properly? – Suzy Lockwood Jul 21 '20 at 18:09
  • Could you please check your database privileges for the role you have entered? – user9646274 Nov 18 '20 at 07:16

1 Answers1

0

I was having this issue also. I logged into Snowflake via SSO and once that worked, I tried it again from the terminal.

It is worth running the following code:

use role accountadmin;

alter account set allow_id_token = true;

There is documentation that explains this but essentially, a window will open numerous times if you do not allow caching of the id_token. After that, I was able to connect successfully.

https://docs.snowflake.com/user-guide/admin-security-fed-auth-use#managing-users-with-federated-authentication-enabled

C3RDITO
  • 1