Bugfix #20887 (MFA) does not work properly

[Aileron79]

Description

Thank you for taking this problem seriously and implementing a fix so quickly. Unfortunately, the situation now worsened - there seem to be a few problems with that implementation:

I need to connect to a bunch of databases (like 20+), for all of them I authenticate using my Azure credentials. The problem now is, that I need to go through the whole authentication process (Enter username, password, launch authenticator app, enter authentication code, close browser window) for every single database I connect to.

Sometimes I get caught in a loop: The swt browser pops up, I complete the authentication process, and once it's completed, it starts over again. And again. And again. Eventually I get this error message:

Note that I use the correct credentials, authentication works fine with an older version of DBeaver.

It looks as if the swt browser does not support cookies/caching of sessions.

Sadly, I need to install an older version of DBeaver now to actually be able to work with it.

I would very much like to help sorting out this issue, happy to give a live demo if that helps.

DBeaver Version

23.2.1

Operating System

Win 10

Database and driver

Azure SQL / Azure SQL Server MFA Authentication

Steps to reproduce

• Create multiple connections to an Azure SQL database using MFA
• The idea behind Azure MFA is that you connect with your Azure credentials, so connect to all databases with your Azure credentials
• This is where the issue starts: You have to go through the whole authentication process, including MFA, for every single connection. If you have multiple connections (like me between 30 and 50), this is not feasible.
• Once I finally have connected to all the servers I need, I sometimes need to re-authenticate on a reconnect.
• If you close dbeaver and start it again, I have to repeat the whole process and authenticate N times to N servers again.

Additional context

Expected behaviour:

• Start dbeaver
• Connect to one of the databases
• The internal browser caches the session (like an external browser would)
• When connecting to the next database, I don't need to re-authenticate against Azure again (Not sure, but I think you need the acquiretokensilent functionality in the MSAL)
• Upon reconnect, I am not prompted for credentials again
• Ideally, the internal browser window closes automatically when it says "Authentication complete, you can now close this window" or sth like that.

[Destrolaric]

@Aileron79 Hi, unified Azure/AWS/GCP session, unfortunately, is a part of Ultimate Edition functionality. In this edition, you can work with multiple cloud databases by using single session credentials. This feature is unavailable in Community Edition.
Additional: We looked again, there is issue with MFA in Azure Driver, we are going to look into it again

[Aileron79]

@Destrolaric Thanks for the update, I get the point. Maybe it helps, I am frequently stuck in authentication loops - and if I manage to connect, I need to go through the whole re-authentication process again. I'd expect that automatic re-connection doesn't require me to provide credentials and mfa again - that should be handled/cached/... by the driver.

[arhayka]

Probably related:

• After update to 23.2.1 MFA auth on Azure Sql stop to worked #21433
• Embedded web browser window appears blank during Active Directory - MFA Authentication #21470

[Destrolaric]

SQL Server driver retries SSO requests when fails to connect for any reason, this leads to multiple SSO requests being sent. We probably want to create a bug report for the driver bug tracker.

[Destrolaric]

microsoft/mssql-jdbc#2237 Linked driver issue