SAML 2.0 in Okta Version 2022.05.1 E fails from CLI / Tableau Desktop

uma.deivasigamani · May 24, 2022, 8:12pm

Hi,

I’m using the native enterprise application ‘Snowflake’ and configured SAML 2.0 sign-on.
This authentication works fine from a web browser.
But with the same configuration, fails from the command line or from Tableau Desktop client application.

"
% snowsql -u user -a account_name --authenticator https://dev-51663347.okta.com
Password:
250007 (08001): The specified authenticator and destination URL in the SAML assertion do not match: expected: https://*******.snowflakecomputing.com:443, post back: /login/cert
If the error message is unclear, enable logging using -o log_level=DEBUG and see the log to find out the cause. Contact support for further help.
Goodbye!
"

"
Tableau Desktop - error

An error occurred while communicating with Snowflake
Unable to connect to the server. Check that the server is running and that you have access privileges to the requested database.
Error Code: B19090E0
There was an unknown connection error to the database. The error message below has additional information, but you might need to ask the database administrator to review the database logs.
[Snowflake][Snowflake] (35)
The specified authenticator and destination URL in Saml Assertion did not match, expected=https://******.snowflakecomputing.com:443, post back=/login/cert

"

Fuzzard · May 25, 2022, 4:27pm

is MFA used? because it looks like MFA is not supported
https://kb.tableau.com/articles/issue/error-the-specified-authenticator-and-destination-url-in-saml-assertion-did-not-match-snowflake-saml

uma.deivasigamani · May 25, 2022, 4:50pm

The okta user doesn’t have MFA enabled.

This okta user is created as below:
In Okta, Directory → People → Add person → Entered values for fields ‘First Name’, ‘Last Name’, ‘Username’ and then Enabled ‘I will set password’ and entered password, unchecked ‘User must change password on first login’.

Nothing else done with this okta user.

Is MFA enabled by default for all the users in Okta version **** E ?

If so, How to disable MFA for the Okta user?

How to check if MFA was enabled or disabled for a Okta user ?

What is the difference between Okta **** C version and Okta ***** E version, with respect to user’s default MFA status?

uma.deivasigamani · May 25, 2022, 4:55pm

With respect to Tableau Desktop client, this error happens only when I select the authentication option ‘Okta username and password’ and specify the ‘okta URL’ in the SAML Idp field.

I’m able to connect from Tableau Desktop client if I select the authentication option ‘Okta username and password’ and specify ‘externalbrowser’ in the SAML Idp field.

So the okta username, password authentication works thru external browser, but fails with this error when we try from any command line clients ( clients which doesn’t support MFA)

Post		Replies	Views
Unable to validate incoming SAML assertion (The Issuer in the SAML response did not match the Issuer configured for the Identity Provider.) SAML	5	17812	September 1, 2021
Challenges setting up Snowflake SAML on Okta Developer account SAML	4	3277	January 11, 2021
Widget 401 token Error OAuth/OIDC widget	7	1001	May 2, 2024
When using a direct link the Okta App functions correctly despite encountering an unknown authentication strategy SAML in other scenarios SAML	1	1413	February 16, 2024
Error Unknown authentication strategy saml SAML	1	1279	March 22, 2024

SAML 2.0 in Okta Version 2022.05.1 E fails from CLI / Tableau Desktop

Related topics