Patent attributes
Proxy-based access occurs between a cloud database and analytical client tool, without requiring a separate intervening application server. A client proxy (tool side) communicates exclusively with a server proxy (database side). In response to a connect request in a database protocol (e.g., Structured Query Language—SQL) received from the tool by the client proxy, the server proxy is caused to initiate an authentication process (e.g., using Security Assertion Markup Language—SAML) with an Identity Provider (IdP). The client proxy intercepts and extracts a security token from the IdP in order to establish a tunnel with the server proxy. Upon ultimately receiving the connect command through the tunnel, the server proxy replaces an end-user credential (recognized by the tool but meaningless to the database) with the security token in order to establish a technical user and a query session context that can be recognized by the database.