Description: When attempting to integrate a namespace using Apache Spark with an Apache Polaris instance configured to use Keycloak for authentication, the operation fails. The issue appears to stem from how Keycloak handles the realm parameter within the authentication headers.
Expected Behavior: The client should successfully authenticate with Keycloak via Polaris and perform namespace operations (create/access) without errors.
Actual Behavior: The integration fails with an authentication error. The failure correlates with Keycloak including the realm parameter in the HTTP authentication headers, which seems to use default realm.
Steps to Reproduce:
Deploy Apache Polaris configured with Keycloak OIDC authentication.
Attempt to integrate or access a namespace using Lance and Spark.
Observe the authentication failure in the client logs or Polaris server logs.
Lance namespace: 0.2.0
Polaris: 1.3.0
Spark: 4.1.0
Description: When attempting to integrate a namespace using Apache Spark with an Apache Polaris instance configured to use Keycloak for authentication, the operation fails. The issue appears to stem from how Keycloak handles the realm parameter within the authentication headers.
Expected Behavior: The client should successfully authenticate with Keycloak via Polaris and perform namespace operations (create/access) without errors.
Actual Behavior: The integration fails with an authentication error. The failure correlates with Keycloak including the realm parameter in the HTTP authentication headers, which seems to use default realm.
Steps to Reproduce:
Deploy Apache Polaris configured with Keycloak OIDC authentication.
Attempt to integrate or access a namespace using Lance and Spark.
Observe the authentication failure in the client logs or Polaris server logs.
Lance namespace: 0.2.0
Polaris: 1.3.0
Spark: 4.1.0