Allow user to provide a specific port and host for containerized environments that need SSO.

Kelly Huntlin · Kelly Huntlin · commit e8d891e07126 · 2025-02-06T16:30:21.000-08:00
diff --git a/index.d.ts b/index.d.ts
@@ -436,6 +436,16 @@ declare module 'snowflake-sdk' {
           */
         disableSamlUrlCheck?: boolean;
 
+        /**
+          * Custom socket port to use for the local SAML server. Useful for SSO in containerized environments.
+          */
+        localSamlServerPort?: boolean;
+
+        /**
+          * Custom socket address to use for the local SAML server. Useful for SSO in containerized environments.
+          */
+        localSamlServerHost?: boolean;
+
         /**
           * The option to fetch all the null values in the columns as the string null.
           */
diff --git a/lib/authentication/auth_web.js b/lib/authentication/auth_web.js
@@ -24,6 +24,8 @@ const { rest } = require('../global_config');
 function AuthWeb(connectionConfig, httpClient, webbrowser) {
 
   const host = connectionConfig.host;
+  const localServerPort = connectionConfig.getLocalSamlServerPort();
+  const localServerHost = connectionConfig.getLocalSamlServerHost();
   const browserActionTimeout = connectionConfig.getBrowserActionTimeout();
   const ssoUrlProvider = new SsoUrlProvider(httpClient);
 
@@ -75,8 +77,13 @@ function AuthWeb(connectionConfig, httpClient, webbrowser) {
       return result;
     });
 
-    // Use a free random port and set to no backlog
-    server.listen(0, 0);
+    // Preserving previous behavior. If user does not provide a custom port or address,
+    // it will use a random port and fallback to localhost
+    // https://github.com/nodejs/node/blob/main/lib/net.js#L1311
+    server.listen({
+      port: localServerPort,
+      host: localServerHost,
+    });
 
     if (connectionConfig.getDisableConsoleLogin()) {
       // Step 1: query Snowflake to obtain SSO url
diff --git a/lib/connection/connection_config.js b/lib/connection/connection_config.js
@@ -63,6 +63,8 @@ const DEFAULT_PARAMS =
   'forceGCPUseDownscopedCredential',
   'representNullAsStringNull',
   'disableSamlURLCheck',
+  'localSamlServerPort',
+  'localSamlServerHost',
   'credentialCacheDir',
   'passcodeInPassword',
   'passcode',
@@ -480,6 +482,20 @@ function ConnectionConfig(options, validateCredentials, qaMode, clientInfo) {
     disableSamlURLCheck = options.disableSamlURLCheck;
   }
 
+  let localSamlServerPort = 0;
+  if (Util.exists(options.localSamlPort)) {
+    Errors.checkArgumentValid(Util.isNumber(options.localSamlPort),
+      ErrorCodes.ERR_CONN_CREATE_INVALID_LOCAL_SAML_SERVER_PORT);
+    localSamlServerPort = options.localSamlPort;
+  }
+
+  let localSamlServerHost = 0;
+  if (Util.exists(options.localSamlServerHost)) {
+    Errors.checkArgumentValid(Util.isString(options.localSamlServerHost),
+      ErrorCodes.ERR_CONN_CREATE_INVALID_LOCAL_SAML_SERVER_HOST);
+    localSamlServerHost = options.localSamlServerHost;
+  }
+
   let clientStoreTemporaryCredential = false;
   if (Util.exists(options.clientStoreTemporaryCredential)) {
     Errors.checkArgumentValid(Util.isBoolean(options.clientStoreTemporaryCredential),
@@ -811,6 +827,14 @@ function ConnectionConfig(options, validateCredentials, qaMode, clientInfo) {
     return disableSamlURLCheck;
   };
 
+  this.getLocalSamlServerPort = function () {
+    return localSamlServerPort;
+  };
+
+  this.getLocalSamlServerHost = function () {
+    return localSamlServerHost;
+  };
+
   this.getCredentialCacheDir = function () {
     return credentialCacheDir;
   };
diff --git a/lib/constants/error_messages.js b/lib/constants/error_messages.js
@@ -84,6 +84,8 @@ exports[404053] = 'A host must be specified.';
 exports[404054] = 'Invalid host. The specified value must be a string.';
 exports[404055] = 'Invalid passcodeInPassword. The specified value must be a boolean';
 exports[404056] = 'Invalid passcode. The specified value must be a string';
+exports[404057] = 'Invalid port number. The specified value must be a number.';
+exports[404058] = 'Invalid address. The specified value must be a string.';
 
 // 405001
 exports[405001] = 'Invalid callback. The specified value must be a function.';
diff --git a/lib/errors.js b/lib/errors.js
@@ -88,6 +88,8 @@ codes.ERR_CONN_CREATE_MISSING_HOST = 404053;
 codes.ERR_CONN_CREATE_INVALID_HOST = 404054;
 codes.ERR_CONN_CREATE_INVALID_PASSCODE_IN_PASSWORD = 404055;
 codes.ERR_CONN_CREATE_INVALID_PASSCODE = 404056;
+codes.ERR_CONN_CREATE_INVALID_LOCAL_SAML_SERVER_PORT = 404057;
+codes.ERR_CONN_CREATE_INVALID_LOCAL_SAML_SERVER_HOST = 404058;
 
 // 405001
 codes.ERR_CONN_CONNECT_INVALID_CALLBACK = 405001;
