Comments (14)
Do you have the environment variable AWS_PROFILE set?
from aws-adfs.
@venth no, there's no AWS_PROFILE set. The only AWS_* env is AWS_DEFAULT_REGION.
from aws-adfs.
Would you like to send me the results of the aws-adfs --verbose login .... command via e-mail? My email address is: artur(dot)krysiak(dot)warszawa(at)gmail.com
I found the cause and I need HTML results to see what I missed during parsing.
from aws-adfs.
@venth A sanitized output has been sent your way, thank you!
from aws-adfs.
@venth would you like any more outputs? Otherwise I will just watch and wait for a fix. I've downgraded back to the known working version 0.3.3 as an interim measure.
from aws-adfs.
Now, I'm completely occupied by my son. That's why fixes are postponed... :(
from aws-adfs.
Patch provided with version: 0.3.8
from aws-adfs.
This issue doesn't appear to be fixed in version 0.3.8
2017-07-27 17:51:10,754 [authenticator authenticator.py:authenticate] [90346-MainProcess] [140736902673344-MainThread] - ERROR: Cannot extract saml assertion. Second factor authentication failed?
Username [[email protected]]:
Password:
Sending request for authentication
Waiting for additional authentication
Going for aws roles
Traceback (most recent call last):
  File "/usr/local/bin/aws-adfs", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/aws_adfs/login.py", line 91, in login
    principal_roles, assertion, aws_session_duration = authenticator.authenticate(config, username, password)
  File "/usr/local/lib/python2.7/site-packages/aws_adfs/authenticator.py", line 38, in authenticate
    principal_roles)
  File "/usr/local/lib/python2.7/site-packages/aws_adfs/authenticator.py", line 57, in _aggregate_roles_by_account_alias
    if account_aliases[account_no] not in aggregated_accounts:
KeyError: '############'
05:51 PM:-=@MAC: >
from aws-adfs.
So, the cause I found seems to be different. I found out that for the failing account number its alias was not provided, and the results in HTML looked like:
<div class="saml-account-name">Account: 1234567890</div>
instead of:
<div class="saml-account-name">Account: Account-Awesome-Alias (1234567890)</div>
It seems that handling this specific situation didn't help. I'll fix it as follows:
- in case the account alias cannot be extracted, I'll simply use the account number as its alias.
from aws-adfs.
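The fallback described in the comment above, as an added example that is not part of the thread and is not aws-adfs's own code: it parses the `saml-account-name` divs, uses the account number as the alias when none is present, and groups roles without the `KeyError` from the traceback. All function names, the 12-digit account numbers and the role ARNs are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# "Account: <alias> (<number>)", or "Account: <number>" when no alias is set
ACCOUNT_RE = re.compile(r"^Account:\s*(?:(?P<alias>.+?)\s*\((?P<num>\d+)\)|(?P<bare>\d+))$")

class AccountNameParser(HTMLParser):
    """Collects the text of every <div class="saml-account-name">."""
    def __init__(self):
        super().__init__()
        self._in_name = False
        self.names = []
    def handle_starttag(self, tag, attrs):
        if tag == "div" and "saml-account-name" in (dict(attrs).get("class") or "").split():
            self._in_name = True
            self.names.append("")
    def handle_endtag(self, tag):
        if tag == "div":
            self._in_name = False
    def handle_data(self, data):
        if self._in_name:
            self.names[-1] += data

def extract_account_aliases(html):
    """Map account number -> alias; the number stands in for a missing alias."""
    parser = AccountNameParser()
    parser.feed(html)
    aliases = {}
    for text in parser.names:
        m = ACCOUNT_RE.match(text.strip())
        if m:  # unrecognised layouts are skipped rather than guessed at
            num = m.group("num") or m.group("bare")
            aliases[num] = m.group("alias") or num
    return aliases

def aggregate_roles_by_alias(aliases, role_arns):
    """Group role ARNs by alias without raising KeyError for unlisted accounts."""
    grouped = {}
    for arn in role_arns:
        account_no = arn.split(":")[4]  # arn:aws:iam::<account>:role/<name>
        grouped.setdefault(aliases.get(account_no, account_no), []).append(arn)
    return grouped

# Constructed sample page fragment and role list (not real accounts)
SAMPLE_HTML = ('<div class="saml-account-name">Account: Account-Awesome-Alias (111111111111)</div>'
               '<div class="saml-account-name">Account: 222222222222</div>')
SAMPLE_ROLES = ["arn:aws:iam::111111111111:role/Admin", "arn:aws:iam::222222222222:role/ReadOnly"]
```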
The aforementioned change was delivered with version 0.3.9
from aws-adfs.
Hi @venth,
The issue seems to be resolved, however, I am receiving this output prior to entering username:
2017-07-29 08:00:19,403 [authenticator authenticator.py:authenticate] [29856-MainProcess] [140736811815872-MainThread] - ERROR: Cannot extract saml assertion. Second factor authentication failed?
from aws-adfs.
The messages you have seen are caused by the authentication attempt. The first time, aws-adfs tries to authenticate against the ADFS server based on the information stored in the profile chosen by the --profile switch. The assumption is that you're already authenticated and want to extend the AWS session. If the attempt fails, regular authentication is performed.
from aws-adfs.
@dplunk @venth I can confirm this bug is resolved in 0.3.9.
from aws-adfs.
Thanks @anthoneous. I'll close the issue then.
from aws-adfs.