[FEATURE REQUEST] Add a silent authentication option to suppress success messages when using Azure MFA authentication #2137
Comments
Jeffery-Wasty
added
the
Enhancement
|
Hi @mfkolb, We'll look into if we can add an option to silence these confirmations. |
|
Can you turn on FINEST tracing and reproduce your workflow? See here for instructions: https://learn.microsoft.com/en-us/sql/connect/jdbc/tracing-driver-operation?view=sql-server-ver16. I want to know if caching is working correctly for you. Also, what version of the driver are you using? |
|
|
|
We're currently working on testing this on our end, but in the meantime, can you try the latest versions of the driver (12.2 is the latest stable release). This area of code relating to credential caching and AAD auth has been worked on a lot since 9.2, so it would be worth taking a look with a more up-to-date version of the driver. |
|
Updating the driver to version 12.2 changed the "authentication succeeded" page. It changed from white text on a black background, to black text on a white background, but otherwise no change in the behavior described. I also updated the msal4j library for good measure. |
|
Regarding the logging, can you send it to our email, [email protected] ? Given that its causing issues still I'm very interested to see if the credentials are being cached correctly. |
|
Hi @mfkolb, Were you able to send us the logs? I don't see anything matching this issue in our emails. |
|
I see a similar phenomenon using DBeaver. If my connection times out, then I reconnect, I get at least 5 browser tabs telling me "Authentication complete. You can close the browser and return to the application." Sometimes its up to 10 browser tabs. It eventually stops and says 'connection successful' in DBEAVER. The way around this browser tab onslaught is to first 'disconnect' , and then 're-connect' explicitly. Then only 1 browser pops up. I don't know if this is a DBEAVER issue or a JDBC driver issue. I am using JDBC Driver 11.2.3.jre11 |
|
Please try the latest preview releases. Starting from 12.3, there are changes around token caching that may resolve the issue you're experiencing. If that fixes it, then note that our next stable release will be the end of July (July 31st), if you're looking at a stable release for a production environment. However, looking at the logs supplied by the author, I don't see anything suspicious on the driver's side. There is only a single connection, and only one auth window being opened. We've asked for additional logging from the author, and you're more than welcome to supply your own; I can take a look at that as well. Given that this issue is only showing up with DBeaver, I believe this may be the fault of the application continually trying to make new connections, each of which does (by design) spawn an "Authentication complete" message. The resolution for this issue would then not be to fix the driver behavior, as its behaving as intended, each time a new connections (not reconnect) happens, we want a confirmation window, and instead to look into DBeaver, and see why it pushes for multiple connections when the connection has been lost. This would be something you would have to follow-up with that application's team. |
|
Can you please confirm whether you are still seeing the issue with the latest driver? As mentioned there were some fixes relating to caching which may resolve your problem. I'm not sure how DBeaver is using the driver but if it is simultaneously spawning many threads to connect it may not benefit from caching. We are evaluating this operation may be better serialized to prevent this scenario however we are currently busy prepping for our upcoming GA release so we will have to get back to this after the release. Please let us know whether you are still experiencing this issue using the latest 12.3.1 release? |
|
I can confirm that I am still seeing this issue with the latest driver. I supplied more logs to Jeff for additional context.
You are correct in that this is the driver's intended behavior, but in this instance it is not desired behavior. This is why I opened the issue as a feature request, not a bug report - there are instances where this confirmation dialogue is not useful, and adding an option to suppress this on a successful connect would improve the driver's usefulness in GUI apps like DBeaver. |
|
Hi @mfkolb, Above you posted a screenshot showing you tested with 12.2, which is the latest stable release. Did you also test with the latest release 12.3.1? |
|
Yes, the issue is still there. |
|
Thank you. Then the issue is as you, and the other JDBC team member, described above. This is an enhancement request that we will triage at the appropriate time, and prioritize accordingly. |
lilgreenbird
added
the
Backlog
|
hi @mfkolb I have synchronized the calls for the getting the token it should help with your scenario since the tokens should be cached for the different threads. Can you please give this a try to see if it resolves your issue? |
Is your feature request related to a problem? If so, please give a short summary of the problem and how the feature would resolve it
I use this driver in DBeaver with a lot of tabs open to Azure MFA instances. I am spammed to hell and back with new "Authentication successful" tabs in Edge when I reconnect to these instances. This is only an issue with the Azure MFA flow as far as I can tell, regular SQL Server authentication and integrated authentication works fine and don't open tabs In other words, I don't want any Edge tabs to open telling me authentication was successful.
Describe the preferred solution
I would like an option to suppress these messages. I understand that others may find it useful for testing or debugging purposes, but in this scenario they are very disruptive.
Describe alternatives you've considered
Additional context
Reference Documentations/Specifications
Reference Implementation
The text was updated successfully, but these errors were encountered: