Connecting to Amazon Athena via Active Directory Federation Services (ADFS) Using JDBC

Connecting to Amazon Athena via Active Directory Federation Services (ADFS) requires the Simba Athena JDBC driver. If connecting via RazorSQL, RazorSQL can automatically download and configure the Simba JDBC driver for you in the Add Connection Wizard tool.

To connect to Athena via ADFS, the following connection properties are needed. If connecting via RazorSQL (Connections -> Add Connection Profile -> Select Amazon Athena and click Continue), fill in the Athena specific property values on the main connection wizard screen. Click the "Configure" button next to the Conn. Properties field to add the ADFS specific properties.

Athena specific properties:

  • AWSRegion - This is the AWS region your database resides in, for example, us-east-1
  • S3OutputLocation - This is the S3 bucket with your data

ADFS specific properties:

  • User or UID - The user name for the ADFS server
  • Password or PWD - The password for the ADFS server
  • AwsCredentialsProviderClass - Use com.simba.athena.iamsupport.plugin.AdfsCredentialsProvider
  • IdP_Host - The host name of the ADFS service
  • IdP_Port - The port of the ADFS service
  • preferred_role - The Amazon Resource Name (ARN) of the role that you want to assume when authenticated through ADFS
  • SSL_Insecure - Set to false to have the connector verify the ADFS server certificate, or true to skip verification. With true, the connector sends the ADFS user name and password without confirming the identity of the server.

If manually connecting to Athena, below is an example JDBC URL to connect to Athena and authenticate via ADFS.

jdbc:awsathena://AwsRegion=us-east-1;S3OutputLocation=s3://test;AwsCredentialsProviderClass=com.simba.athena.iamsupport.plugin.AdfsCredentialsProvider;idp_host=example.adfs.server;idp_port=443;User=HOME\jsmith;Password=simba12345;preferred_role=arn:aws:iam::123456789123:role/JSMITH;ssl_insecure=true;
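
The same manual connection made from Java, as an added example that is not from the original page, RazorSQL or Simba: the ADFS credentials are passed as JDBC connection properties instead of in the URL, the password is read at a prompt, and SSL_Insecure is false. It assumes the Simba Athena JDBC driver JAR is on the classpath and accepts these properties through java.util.Properties; the class name AthenaAdfsConnect is hypothetical, and the host, role and bucket are the placeholder values from the URL above.

```java
import java.io.Console;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

public class AthenaAdfsConnect {

    // Builds the ADFS-specific properties listed above. The secret is supplied by
    // the caller, so it never appears in a URL string, config file or shell history.
    static Properties adfsProperties(String user, char[] password,
                                     String idpHost, String roleArn) {
        Properties p = new Properties();
        p.setProperty("AwsCredentialsProviderClass",
                "com.simba.athena.iamsupport.plugin.AdfsCredentialsProvider");
        p.setProperty("IdP_Host", idpHost);
        p.setProperty("IdP_Port", "443");
        p.setProperty("User", user);
        p.setProperty("Password", new String(password));
        p.setProperty("preferred_role", roleArn);
        // false = verify the ADFS server certificate before the password is sent.
        p.setProperty("SSL_Insecure", "false");
        return p;
    }

    public static void main(String[] args) throws SQLException {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("Run from an interactive terminal");
        }
        char[] password = console.readPassword("ADFS password: ");

        // Only non-secret settings go in the URL (placeholder region and bucket).
        String url = "jdbc:awsathena://AwsRegion=us-east-1;S3OutputLocation=s3://test;";
        Properties props = adfsProperties("HOME\\jsmith", password,
                "example.adfs.server", "arn:aws:iam::123456789123:role/JSMITH");

        // try-with-resources closes the result set, statement and connection.
        try (Connection conn = DriverManager.getConnection(url, props);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery("SELECT 1")) {
            while (rs.next()) {
                System.out.println("Connected, SELECT 1 returned " + rs.getInt(1));
            }
        }
    }
}
```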