Upgrade from 0.3.6 to 0.3.7 breaking simple authentication about aws-adfs HOT 14 CLOSED

Do you have environment variable AWS_PROFILE set?

from aws-adfs.

@venth no, there's no AWS_PROFILE set. The only AWS_* env is AWS_DEFAULT_REGION.

from aws-adfs.

Would you like to send me results of aws-adfs --verbose login .... command via e-mail? My email address is: artur(dot)krysiak(dot)warszawa(at)gmail.com

I found the cause and I need HTML results to see what I missed during parsing.

from aws-adfs.

@venth A sanitized output has been sent your way, thank you!

from aws-adfs.

@venth would you like any more outputs? Otherwise I will just watch and wait for a fix. I've downgraded back to known working version of 0.3.3 as an interim measure.

from aws-adfs.

Now, I'm completely occupied by my son. That's why fixes are postponed... :(

from aws-adfs.

Patch provided with version: 0.3.8

from aws-adfs.

This issue doesn't appear to be fixed in version 0.3.8

2017-07-27 17:51:10,754 [authenticator authenticator.py:authenticate] [90346-MainProcess] [140736902673344-MainThread] - ERROR: Cannot extract saml assertion. Second factor authentication failed?
Username [[email protected]]:
Password:
Sending request for authentication
Waiting for additional authentication
Going for aws roles
Traceback (most recent call last):
  File "/usr/local/bin/aws-adfs", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python2.7/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/aws_adfs/login.py", line 91, in login
    principal_roles, assertion, aws_session_duration = authenticator.authenticate(config, username, password)
  File "/usr/local/lib/python2.7/site-packages/aws_adfs/authenticator.py", line 38, in authenticate
    principal_roles)
  File "/usr/local/lib/python2.7/site-packages/aws_adfs/authenticator.py", line 57, in _aggregate_roles_by_account_alias
    if account_aliases[account_no] not in aggregated_accounts:
KeyError: '############'
05:51 PM:-=@MAC: >

from aws-adfs.

So, the cause I found seems to be different. I found out that for the failing account number its alias was not provided and the results in html looked like:
<div class="saml-account-name">Account: 1234567890</div> instead of:
<div class="saml-account-name">Account: Account-Awesome-Alias (1234567890)</div>
It seems that, handling this specific situation didn't help. I'll fix it as follows:

• in case there cannot be account alias extracted, I'll use simply account number as it's alias.

from aws-adfs.

Afore mentioned change delivered with version 0.3.9

from aws-adfs.

Hi @venth,

The issue seems to be resolved, however, I am receiving this output prior to entering username:

2017-07-29 08:00:19,403 [authenticator authenticator.py:authenticate] [29856-MainProcess] [140736811815872-MainThread] - ERROR: Cannot extract saml assertion. Second factor authentication failed?

from aws-adfs.

The messages, you haven seen, are caused by the authentication attempt. For the first time aws-adfs tries to authenticate against adfs server based on the information stored in a profile chosen by --profile switch. The assumption is that you're already authenticated and want to extend aws session. If the attempt fails, regular authentication is performed.

from aws-adfs.

@dplunk @venth I can confirm this bug is resolved in 0.3.9.

from aws-adfs.

Thanks @anthoneous. I close the issue then.

from aws-adfs.