peterpans2013 commented on issue #2373:
URL: https://github.com/apache/polaris/issues/2373#issuecomment-3940852838
Hi @adutra, I have a question about mixed authentication.
I'm using Zitadel as the IdP; my Polaris version is 1.3.0-incubating.
I created 2 principals with the same name, spark_client, in Zitadel and Polaris.
I created a token from Zitadel and used it to authenticate to Polaris but got
401 Unauthorized.
Here are my DEBUG logs.
The query returned no result because the Zitadel principal has a different ID from the
Polaris principal.
```
{"timestamp":"2026-02-22T11:50:39.08761902Z","sequence":3104,"loggerClassName":"org.slf4j.impl.Slf4jLogger","loggerName":"org.apache.polaris.service.auth.DefaultAuthenticator","level":"DEBUG","message":"Resolving
principal for credentials:
PolarisCredential{principalId=361132742760465520123,
principalName=spark_client,
principalRoles=[PRINCIPAL_ROLE:data_engineer]}","threadName":"executor-thread-2","threadId":34,"mdc":{"requestId":"5c2912eb-b660-4dde-9049-60e98af22449_0000000000000000002","realmId":"datalake"},"ndc":"","hostName":"polaris-7dfd8dfbbf-pt5zs","processName":"/usr/lib/jvm/java-21-openjdk-21.0.9.0.10-1.el9.aarch64/bin/java","processId":1}
{"timestamp":"2026-02-22T11:50:39.088626117Z","sequence":3105,"loggerClassName":"org.slf4j.spi.DefaultLoggingEventBuilder","loggerName":"org.apache.polaris.persistence.relational.jdbc.DatasourceOperations","level":"DEBUG","message":"query:
SELECT id, catalog_id, parent_id, type_code, name, entity_version,
sub_type_code, create_timestamp, drop_timestamp, purge_timestamp,
to_purge_timestamp, last_update_timestamp, properties, internal_properties,
grant_records_version, location_without_scheme FROM POLARIS_SCHEMA.ENTITIES
WHERE catalog_id = ? AND type_code = ? AND id = ? AND realm_id = ?\n 0\n
2\n 361132742760465520123\n
datalake","threadName":"executor-thread-2","threadId":34,"mdc":{"requestId":"5c2912eb-b660-4dde-9049-60e98af22449_0000000000000000002","realmId":"datalake"},"ndc":"","hostName":"polaris-7dfd8dfbbf-pt5zs","processName":"/usr/lib/jvm/java-21-openjdk-21.0.9.0.10-1.el9.aarch64/bin/java","processId":1}
{"timestamp":"2026-02-22T11:50:39.091535742Z","sequence":3106,"loggerClassName":"org.slf4j.impl.Slf4jLogger","loggerName":"org.apache.polaris.service.auth.DefaultAuthenticator","level":"WARN","message":"Failed
to resolve principal from
credentials=PolarisCredential{principalId=361132742760465520,
principalName=spark_client,
principalRoles=[PRINCIPAL_ROLE:data_engineer]}","threadName":"executor-thread-2","threadId":34,"mdc":{"requestId":"5c2912eb-b660-4dde-9049-60e98af22449_0000000000000000002","realmId":"lakehouse"},"ndc":"","hostName":"polaris-7dfd8dfbbf-pt5zs","processName":"/usr/lib/jvm/java-21-openjdk-21.0.9.0.10-1.el9.aarch64/bin/java","processId":1}
```
Do the Zitadel principal and the Polaris principal need to have the same ID?
This is the query result if I comment out the ID condition:
<img width="960" height="523" alt="Image"
src="https://github.com/user-attachments/assets/23ed84bc-6f74-4977-8191-0a804549b9c1"
/>