Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-1794001: Devcontainer (Docker) SSO externalbrowser ERR_CONNECTION_REFUSED #2104

Open
aleenprd opened this issue Nov 8, 2024 · 0 comments
Open

SNOW-1794001: Devcontainer (Docker) SSO externalbrowser ERR_CONNECTION_REFUSED #2104

aleenprd opened this issue Nov 8, 2024 · 0 comments
Labels
bug needs triage

Comments

@aleenprd
Copy link

aleenprd commented Nov 8, 2024
edited
Loading

Python version

Python 3.8.10

Operating system and processor architecture

Linux-6.6.22-linuxkit-x86_64-with-Ubuntu-20.04-focal

Installed packages

about-time==3.1.1
agate==1.9.1
alive-progress==2.3.1
annotated-types==0.7.0
appdirs==1.4.4
asn1crypto==1.5.1
attrs==23.2.0
azure-core==1.30.1
azure-storage-blob==12.20.0
Babel==2.15.0
backoff==2.2.1
beautifulsoup4==4.12.3
black==24.4.2
boto3==1.34.116
botocore==1.34.116
cachetools==5.3.3
certifi==2024.2.2
cffi==1.16.0
cfgv==3.4.0
chardet==5.2.0
charset-normalizer==3.3.2
click==8.0.4
colorama==0.4.6
cryptography==42.0.7
daff==1.3.46
dbt-adapters==1.2.1
dbt-common==1.2.0
dbt-core==1.8.0
dbt-exposures-crawler @ git+https://github.com/esenilsson/dbt-exposures-crawler@11cac433ec75685aa24abcf60af121a22b263478
dbt-extractor==0.5.1
dbt-semantic-interfaces==0.5.1
dbt-snowflake==1.8.0
defusedxml==0.7.1
diff_cover==9.0.0
distlib==0.3.8
elementary-data==0.15.1
exceptiongroup==1.2.1
filelock==3.14.0
google-api-core==2.19.0
google-auth==2.29.0
google-cloud-core==2.4.1
google-cloud-storage==2.16.0
google-crc32c==1.5.0
google-resumable-media==2.7.0
googleapis-common-protos==1.63.0
grapheme==0.6.0
identify==2.5.36
idna==3.7
importlib-metadata==6.11.0
importlib_resources==6.4.0
iniconfig==2.0.0
isodate==0.6.1
jaraco.classes==3.4.0
jeepney==0.8.0
Jinja2==3.1.4
jinja2-simple-tags==0.6.1
jmespath==1.0.1
jsonschema==4.22.0
jsonschema-specifications==2023.12.1
keyring==24.3.1
leather==0.4.0
Logbook==1.5.3
markdown-it-py==3.0.0
MarkupSafe==2.0.1
mashumaro==3.13
mdurl==0.1.2
minimal-snowplow-tracker==0.0.2
monotonic==1.6
more-itertools==10.2.0
msgpack==1.0.8
mypy-extensions==1.0.0
networkx==2.8.8
nodeenv==1.9.0
numpy==1.24.4
packaging==23.1
pandas==2.0.3
parsedatetime==2.6
pathspec==0.12.1
pkgutil_resolve_name==1.3.10
platformdirs==4.2.2
pluggy==1.5.0
posthog==2.5.0
pre-commit==3.5.0
proto-plus==1.23.0
protobuf==4.25.3
pyasn1==0.6.0
pyasn1_modules==0.4.0
pycparser==2.22
pydantic==2.7.2
pydantic_core==2.18.3
pyfiglet==0.8.post1
Pygments==2.18.0
PyJWT==2.8.0
pymsteams==0.2.2
pyOpenSSL==24.1.0
pytest==8.2.1
pytest-parametrization==2022.2.1
python-dateutil==2.9.0.post0
python-slugify==4.0.1
pytimeparse==1.1.8
pytz==2024.1
PyYAML==6.0.1
ratelimit==2.2.1
referencing==0.35.1
regex==2024.5.15
requests==2.32.3
rich==13.7.1
rpds-py==0.18.1
rsa==4.9
ruamel.yaml==0.18.6
ruamel.yaml.clib==0.2.8
s3transfer==0.10.1
SecretStorage==3.3.3
shandy-sqlfmt==0.21.3
six==1.16.0
slack_sdk==3.27.2
snowflake-connector-python==3.10.1
sortedcontainers==2.4.0
soupsieve==2.5
sqlfluff==3.0.7
sqlfluff-templater-dbt==3.0.7
sqlparse==0.5.0
tableauserverclient==0.30
tabulate==0.9.0
tblib==3.0.0
text-unidecode==1.3
toml==0.10.2
tomli==2.0.1
tomlkit==0.12.5
tqdm==4.66.4
typing_extensions==4.12.0
tzdata==2024.1
urllib3==2.0.7
virtualenv==20.26.2
zipp==3.19.1

What did you do?

I am running my application in VsCode - Devcontainer i.e. a docker container. I started this morning and the connection with SSO via externalbrowser to Snowflake was good, albeit slow to auth from the container. On my machine (Mac), I have no issues authenticating with the same code. Nor do my colleagues. But for some reason, all of a sudden, it stopped working. It opens the URL in my browser, which goes from https://login.microsoftonline.com/ to Snowflake, to localhost:randomport/etc, at which I get an error saying: 

site cant be reached
localhost refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

PS: I can authenticate with user/password so it just seems an **externalbrowser issue** that is inconsistent.
PPS: we are using Azure for SSO

What did you expect to see?

That it just authenticates.

Can you set logging to DEBUG and collect the logs?

2024-11-08 15:16:06,902 - MainThread connection.py:399 - __init__() - INFO - Snowflake Connector for Python Version: 3.10.1, Python Version: 3.8.10, Platform: Linux-6.6.22-linuxkit-x86_64-with-glibc2.29
2024-11-08 15:16:06,903 - MainThread connection.py:705 - connect() - DEBUG - connect
2024-11-08 15:16:06,903 - MainThread connection.py:1088 - __config() - DEBUG - __config
2024-11-08 15:16:06,903 - MainThread connection.py:1239 - __config() - INFO - This connection is in OCSP Fail Open Mode. TLS Certificates would be checked for validity and revocation status. Any other Certificate Revocation related exceptions or OCSP Responder failures would be disregarded in favor of connectivity.
2024-11-08 15:16:06,903 - MainThread converter.py:159 - __init__() - DEBUG - use_numpy: False
2024-11-08 15:16:06,903 - MainThread connection.py:915 - __open_connection() - DEBUG - REST API object was created: jf91634.eu-central-1.snowflakecomputing.com:443
2024-11-08 15:16:06,903 - MainThread webbrowser.py:117 - prepare() - DEBUG - authenticating by Web Browser
2024-11-08 15:16:06,911 - MainThread webbrowser.py:150 - prepare() - DEBUG - step 1: query GS to obtain SSO url
2024-11-08 15:16:06,911 - MainThread webbrowser.py:471 - _get_sso_url() - DEBUG - account=jf91634, authenticator=EXTERNALBROWSER, [email protected]
2024-11-08 15:16:06,912 - MainThread retry.py:351 - from_int() - DEBUG - Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
2024-11-08 15:16:06,913 - MainThread retry.py:351 - from_int() - DEBUG - Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
2024-11-08 15:16:06,913 - MainThread network.py:1224 - _use_requests_session() - DEBUG - Session status for SessionPool 'jf91634.eu-central-1.snowflakecomputing.com', SessionPool 1/1 active sessions
2024-11-08 15:16:06,913 - MainThread network.py:875 - _request_exec_wrapper() - DEBUG - remaining request timeout: N/A ms, retry cnt: 1
2024-11-08 15:16:06,913 - MainThread network.py:857 - add_request_guid() - DEBUG - Request guid: 22dfa767-e998-4434-a0e2-f7e7ffff9a12
2024-11-08 15:16:06,913 - MainThread network.py:1065 - _request_exec() - DEBUG - socket timeout: 60
2024-11-08 15:16:06,916 - MainThread connectionpool.py:1019 - _new_conn() - DEBUG - Starting new HTTPS connection (1): jf91634.eu-central-1.snowflakecomputing.com:443
2024-11-08 15:16:07,215 - MainThread ssl_wrap_socket.py:79 - ssl_wrap_socket_with_ocsp() - DEBUG - OCSP Mode: FAIL_OPEN, OCSP response cache file name: None
2024-11-08 15:16:07,259 - MainThread ocsp_snowflake.py:492 - reset_cache_dir() - DEBUG - cache directory: /root/.cache/snowflake
2024-11-08 15:16:07,260 - MainThread ocsp_snowflake.py:530 - reset_ocsp_response_cache_uri() - DEBUG - ocsp_response_cache_uri: file:///root/.cache/snowflake/ocsp_response_cache.json
2024-11-08 15:16:07,260 - MainThread ocsp_snowflake.py:533 - reset_ocsp_response_cache_uri() - DEBUG - OCSP_VALIDATION_CACHE size: 304
2024-11-08 15:16:07,260 - MainThread ocsp_snowflake.py:332 - reset_ocsp_dynamic_cache_server_url() - DEBUG - OCSP response cache server is enabled: http://ocsp.snowflakecomputing.com/ocsp_response_cache.json
2024-11-08 15:16:07,260 - MainThread ocsp_snowflake.py:345 - reset_ocsp_dynamic_cache_server_url() - DEBUG - OCSP dynamic cache server RETRY URL: None
2024-11-08 15:16:07,260 - MainThread ocsp_snowflake.py:966 - validate() - DEBUG - validating certificate: jf91634.eu-central-1.snowflakecomputing.com
2024-11-08 15:16:07,261 - MainThread ocsp_asn1crypto.py:385 - extract_certificate_chain() - DEBUG - # of certificates: 4
2024-11-08 15:16:07,262 - MainThread ocsp_asn1crypto.py:390 - extract_certificate_chain() - DEBUG - subject: OrderedDict([('common_name', '*.eu-central-1.snowflakecomputing.com')]), issuer: OrderedDict([('country_name', 'US'), ('organization_name', 'Amazon'), ('common_name', 'Amazon RSA 2048 M03')])
2024-11-08 15:16:07,263 - MainThread ocsp_asn1crypto.py:390 - extract_certificate_chain() - DEBUG - subject: OrderedDict([('country_name', 'US'), ('organization_name', 'Amazon'), ('common_name', 'Amazon RSA 2048 M03')]), issuer: OrderedDict([('country_name', 'US'), ('organization_name', 'Amazon'), ('common_name', 'Amazon Root CA 1')])
2024-11-08 15:16:07,264 - MainThread ocsp_asn1crypto.py:390 - extract_certificate_chain() - DEBUG - subject: OrderedDict([('country_name', 'US'), ('organization_name', 'Amazon'), ('common_name', 'Amazon Root CA 1')]), issuer: OrderedDict([('country_name', 'US'), ('state_or_province_name', 'Arizona'), ('locality_name', 'Scottsdale'), ('organization_name', 'Starfield Technologies, Inc.'), ('common_name', 'Starfield Services Root Certificate Authority - G2')])
2024-11-08 15:16:07,264 - MainThread ocsp_asn1crypto.py:390 - extract_certificate_chain() - DEBUG - subject: OrderedDict([('country_name', 'US'), ('state_or_province_name', 'Arizona'), ('locality_name', 'Scottsdale'), ('organization_name', 'Starfield Technologies, Inc.'), ('common_name', 'Starfield Services Root Certificate Authority - G2')]), issuer: OrderedDict([('country_name', 'US'), ('organization_name', 'Starfield Technologies, Inc.'), ('organizational_unit_name', 'Starfield Class 2 Certification Authority')])
2024-11-08 15:16:07,266 - MainThread ocsp_asn1crypto.py:87 - read_cert_bundle() - DEBUG - reading certificate bundle: /usr/local/lib/python3.8/dist-packages/certifi/cacert.pem
2024-11-08 15:16:07,278 - MainThread ocsp_asn1crypto.py:413 - create_pair_issuer_subject() - DEBUG - not found issuer_der: OrderedDict([('country_name', 'US'), ('organization_name', 'Starfield Technologies, Inc.'), ('organizational_unit_name', 'Starfield Class 2 Certification Authority')])
2024-11-08 15:16:07,280 - MainThread ocsp_snowflake.py:730 - find_cache() - DEBUG - hit cache for subject: OrderedDict([('common_name', '*.eu-central-1.snowflakecomputing.com')])
2024-11-08 15:16:07,282 - MainThread ocsp_asn1crypto.py:205 - is_valid_time() - DEBUG - Verifying the attached certificate is signed by the issuer. Valid Not After: 2025-12-10 00:00:00+00:00
2024-11-08 15:16:07,283 - MainThread ocsp_snowflake.py:730 - find_cache() - DEBUG - hit cache for subject: OrderedDict([('country_name', 'US'), ('organization_name', 'Amazon'), ('common_name', 'Amazon RSA 2048 M03')])
2024-11-08 15:16:07,285 - MainThread ocsp_asn1crypto.py:205 - is_valid_time() - DEBUG - Verifying the attached certificate is signed by the issuer. Valid Not After: 2025-12-10 00:00:00+00:00
2024-11-08 15:16:07,285 - MainThread ocsp_snowflake.py:730 - find_cache() - DEBUG - hit cache for subject: OrderedDict([('country_name', 'US'), ('organization_name', 'Amazon'), ('common_name', 'Amazon Root CA 1')])
2024-11-08 15:16:07,287 - MainThread ocsp_asn1crypto.py:205 - is_valid_time() - DEBUG - Verifying the attached certificate is signed by the issuer. Valid Not After: 2025-05-07 12:00:00+00:00
2024-11-08 15:16:07,287 - MainThread ocsp_snowflake.py:730 - find_cache() - DEBUG - hit cache for subject: OrderedDict([('country_name', 'US'), ('state_or_province_name', 'Arizona'), ('locality_name', 'Scottsdale'), ('organization_name', 'Starfield Technologies, Inc.'), ('common_name', 'Starfield Services Root Certificate Authority - G2')])
2024-11-08 15:16:07,289 - MainThread ocsp_snowflake.py:1023 - _validate() - DEBUG - ok
2024-11-08 15:16:07,359 - MainThread connectionpool.py:474 - _make_request() - DEBUG - https://etc
snowflakecomputing.com:443 "POST /session/authenticator-request?request_guid=22dfa767-e998-4434-a0e2-f7e7ffff9a12 HTTP/1.1" 200 None
2024-11-08 15:16:07,360 - MainThread network.py:1092 - _request_exec() - DEBUG - SUCCESS
2024-11-08 15:16:07,360 - MainThread network.py:1229 - _use_requests_session() - DEBUG - Session status for SessionPool 'jf91634.eu-central-1.snowflakecomputing.com', SessionPool 0/1 active sessions
2024-11-08 15:16:07,360 - MainThread network.py:745 - _post_request() - DEBUG - ret[code] = None, after post request
2024-11-08 15:16:07,360 - MainThread webbrowser.py:158 - prepare() - DEBUG - Validate SSO URL
Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...
2024-11-08 15:16:07,360 - MainThread webbrowser.py:176 - prepare() - DEBUG - step 2: open a browser
Going to open: https://login.microsoftonline.com/etc to authenticate...
2024-11-08 15:16:07,862 - MainThread webbrowser.py:201 - prepare() - DEBUG - step 3: accept SAML token
@github-actions github-actions bot changed the title Devcontainer (Docker) SSO externalbrowser ERR_CONNECTION_REFUSED SNOW-1794001: Devcontainer (Docker) SSO externalbrowser ERR_CONNECTION_REFUSED Nov 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug needs triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aleenprd @sfc-gh-sghosh