我已启用 AWS 私有链接以访问雪花,并且链接没有问题,当使用 Jumpcloud 与 SSO 集成时,登录后它只会抛出 400 错误
对于Troubleshhot,我已经尝试过,但它们没有用
- https://support.snowflake.net/s/article/Error-400-Bad-Request-while-SSO-login-to-Snowflake
- https://community.snowflake.com/s/article/Configuring-your-IDP-to-Snowflake-by-providing-required-properties-in-a-SAML-Response
这是 JumpCloud SSO 设置
这是完整的 SAML 响应,但仍然收到 400 错误任何来自雪花故障排除的想法将有助于解决此问题
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
Destination="https://8GWIFI.ORG.SG.AP-SOUTHEAST-1.AWS.PRIVATELINK.snowflakecomputing.com/fed/login/"
ID="AUZZ04QP5VMGW46F5YJZROMK164PY2C1QQ6XNXJJ"
InResponseTo="id-6417485141254017599_-1"
IssueInstant="2020-05-13T07:59:21.927Z"
Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://8gwifi.org</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="OVOSTV678D3AU2SQM6PSUDG2YHNSQMN4HJR9SGI2"
IssueInstant="2020-05-13T07:59:21.927Z"
Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://8gwifi.org</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#OVOSTV678D3AU2SQM6PSUDG2YHNSQMN4HJR9SGI2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>nxftTo6YnJGZR+qhRSJlPoMuNMMFwoxftmNAX/YDQaI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
cvamdwGY/8VZ+n4gDoLoEt+z6fZCLmPuvv/u4qeYOZd/fMg28Jz7kt2FU27WDHbOkx21LEFJ/g2Mlt8X++MP8hhHNqqb8x42YZzyHTv4dmfz3xapSQ17iDJILlfsc2odr5xPjkScz+wNPxCTUsA8kCrfeTfnGJOyn7t6uq7zMh87uUmlIob04CYbV/1SZpD2Xz6Jij9UsBiP82QSbTWAs4gePDcnS0TKe0HGfkNYxhCQBlIR40tBrte4KRpxuoXo00aMXXR0f0qilfU2nvYWeZVnQFBLfFOKZmlKxuhRUyiEYr9iVTjI8uxLt9oJ/XFFC5cuZjRl1FlKExGwouGbcpHUt7Gx9XeCPlVD3z9bi33X4Hi8mwbD6uX0lcgcJQ82RbppIya+7Q0bTzSh5nCKAu+vIlTXNKlHnwM5ax7HNxfDJedcLgEpaJ0qntnH67TyjFQg/NPOb54wtjkOi9/qxnI/ND2EMnWP4O6jMlmwknLLEuW2iqgF9wBN0mM4EfmgniaUjixWVvr0aT2sFNcC7BalUkdBJWXCN6PYabm2exye4zYb2C9FyiDjzrsLYuctXCU19js1vhukIftYMG13ds+ZSL6enseFSHKqI1EYNWOogmGkgZJWOeH7BL5Xgeq5HhBn8teUvGc519p7J/2LkoGfEyJ4K0SPyTLoC1R5poA=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
M=........
.................
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">anish2good@yahoo.co.in</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="id-6417485141254017599_-1"
NotOnOrAfter="2020-05-13T08:04:21.927Z"
Recipient="https://8GWIFI.ORG.SG.AP-SOUTHEAST-1.AWS.PRIVATELINK.snowflakecomputing.com/fed/login/" /></saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2020-05-13T07:54:21.927Z"
NotOnOrAfter="2020-05-13T08:04:21.927Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://8GWIFI.ORG.SG.AP-SOUTHEAST-1.AWS.PRIVATELINK.snowflakecomputing.com/fed/login/</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2020-05-13T07:59:21.927Z"
SessionIndex="ed8df976-6c7d-458e-ad23-1657133d3a00">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>