Ensure that your system meets the following prerequisites:

  • MySQL Client version 5.5.27 or newer: This version of the MySQL client is required because it includes the Cleartext Client-Side Authentication Plugin. This plugin is necessary because MySQL clients normally hash user credentials before they are sent to the server. However, the internal SAML authentication module operates at the server level, not the client level, and it requires the clear text form of user credentials. Therefore, all user accounts that require SAML authentication must have their credentials passed to the server in clear text.

When passing any credentials in clear text, you should always use some form of transport layer security (TLS). Otherwise, an attacker can see the user’s credentials by inspecting unencrypted network traffic.

  • MemSQL version 5.8.0 or newer: This version of SingleStore DB is required because it’s the first version that provides the option to authenticate with SAML 2.0 security tokens.

  • SAML 2.0 Requirements:

  • Base64-encoded security tokens: When a user is authenticated using SAML 2.0, the security token sent to the database must be Base64 encoded. If a token is not Base64 encoded, the database will return an error.

  • Decoded security token cannot be greater than 250KB in size: A fully decoded Base64 security token must not exceed 250KB. The Base64-encoded security token itself may exceed 250KB, but ensure that its decoded size does not exceed 250KB.