How to use unixODBC SSO connection to Snowflake with Rails using externalbrowser authentication?


I have set up a Rails 7.0.4 application to work on a Snowflake database using ruby-odbc and sequel with the sequel-snowflake connector. We use SSO for logging in to Snowflake. In the DSN configuration the authentication method is therefore set to "externalbrowser". The frontend is actually handled in React, so rack-cors is also being used. It works fine on Windows, but I ultimately have to run it on Linux (AlmaLinux 9).

Here I decided to use unixODBC. I set up the DSN and the connection works fine using isql (a browser window opens, redirects to localhost with the SAML token, tells me authentication is good and I can close the window). SQL commands all work fine in the isql shell. Unfortunately, when starting my Rails application, it fails at the redirect to localhost with "This site can't be reached / localhost refused to connect".

I tried many different things I found on the web (some of them nonsensical):

  • Tried different browsers (Firefox, Chrome, Brave (same engine as Chrome))
  • Added URLs to origins line in cors.rb
  • Turned off HSTS in browsers
  • Set config.force_ssl in application.rb to false
  • Used Passenger instead of Puma

Nothing made it work. Comparing the trace messages of isql (which works) with those of Rails, all is completely fine until the browser authentication starts. While isql is all fine, the Rails application shows the following errors:

    2023-01-31T13:12:17Z.699                [thread-7067]   Info    Connection #0 to host xxxxx.west-europe.azure.snowflakecomputing.com left intact.
    2023-01-31T13:12:17.699 INFO  7067 sf::RestRequest::httpPerform: http request headers: Content-Type: application/json
    Accept: application/json
    
    2023-01-31T13:12:17.699 TRACE 7067 sf::CurDesc::reset: cleanup 0
    2023-01-31T13:12:17.699 TRACE 7067 sf::CurDesc::reset: curl_easy_reset 0x42b2d50
    2023-01-31T13:12:17.699 TRACE 7067 sf::CurlDescPool::freeCurlDesc: Free curl descriptor 0x42b1bf0(curl=0x42b2d50) back to subpool 0x428de20
    2023-01-31T13:12:17.699 TRACE 7067 sf::RestRequest::~RestRequestState: Freed descriptor to pool
    2023-01-31T13:12:17.699 DEBUG 7067 sf::AuthenticatorExternalBrowser::getSSOUrl: SSO URL: https://login.microsoftonline.com/52d....7e/saml2?SAMLRequest=nZJB....%2FkL&RelayState=58393
    Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...
    2023-01-31T13:12:17.822 ERROR 7067 sf::AuthWebServer::startAccept: Failed to receive SAML token. Could not accept a request. err: Interrupted system call
    2023-01-31T13:12:17.822 TRACE 7067 Simba::Snowflake::SFConnection::connect: Simba::Support::ErrorExceptionUnformatted ErrorException: {MessageKey="SFAuthWebBrowserFailed" ComponentID=102' RowNumber=UNKNOWN ColumnNumber=UNKNOWN DiagState=63 MessageParameters=["Permission denied"]}
    2023-01-31T13:12:17.823 TRACE 7067 Simba::Snowflake::SFConnection::SetProperty: Setting property (167) with type 2
    /home/mwinter/.rvm/gems/ruby-3.1.2/gems/sequel-5.64.0/lib/sequel/adapters/odbc.rb:17:in `drvconnect': ODBC::Error: S1000 (38) [Snowflake][Snowflake] (38)  (Sequel::DatabaseConnectionError)
          Failed to authenticate a user by external browser: Permission denied.

Is there a way to get Rails to connect to the database using unixODBC the same way isql does?
