How do I use the JNA drivers to connect to Snowflake? (For credential caching.)

How do I get the correct version of the JNA classes installed and used by DataGrip, now that jdbc no longer includes JNA (according to Snowflake)? It looks like there's some version of JNA present, but I'm still getting prompted very frequently to authenticate (authenticator is 'externalbrowser'), which is pretty annoying (and slow). Snowflake docs just hand me off to a couple of Maven repository pages. I would expect DataGrip to handle this much more transparently.

https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-use#using-connection-caching-to-minimize-the-number-of-prompts-for-authentication-optional

https://docs.snowflake.com/en/developer-guide/jdbc/jdbc-download#label-jdbc-driver-add-jna-classes-to-classpath

DataGrip version is 2023.3.2.

 

1
7 comments

My current driver situation (I think):

 

 

0
Hi John,

This is correct. The JNA driver version corresponds to the version downloaded automatically during the data source setup.

Now, the external authenticator is one of the ways to authorize via an entity provider, and you should not be prompted with this auth method unless you have it configured intentionally. If that's your concern, please check if you don't have it specified in the URL attributes or if you don't have Authenticator set in Authentication of your data source properties.
0

Hi, Aleksander, I'm not sure I follow. I do have my authenticator configured as “externalbrowser”. Is there another setting I should use? I'm getting prompted (by a Chrome popup) to authenticate every time DataGrip issues a command to Snowflake (e.g., every time I run a SELECT or CREATE TABLE statement), which is too much.

(To be clear, I don't actually work for example.com. :) )

0

Connection info, from the “Snowflake 7.44.2” link in the preceding screenshot:

DBMS: Snowflake (ver. 7.44.2)
Case sensitivity: plain=upper, delimited=exact
Driver: Snowflake (ver. 3.14.1, JDBC1.0)

0

I tried “snowflake” as the authenticator; didn't work. Okta is not our IdP; I believe Azure AD is.

0

It appears that ALLOW_ID_TOKEN is not configured on the Snowflake side. If I can get our DBAs to set it, will DataGrip automatically stop sending me SAML requests for every operation it performs?

And I was wrong when I said I get prompted for every SELECT statement; but I do get prompted every time DataGrip issues a command on my behalf (e.g., when refreshing the Data Source) and when I open a new Session (e.g., a SELECT statement in a new tab).

0
Hi John,

As long as your token is configured properly, it should not prompt you to reauthenticate when running a query in DataGrip. Please see if you can perform the necessary changes on the Snowflake side and observe this for some time.
0

Please sign in to leave a comment.