Comments (9)
Ah, now I see the problem. It's like @patrickdean is saying. In botocore, when you create a client it will always try to resolve credentials even if you're creating a client with the special UNSIGNED
signature version. I created an issue on botocore here: boto/botocore#1472 to track the issue.
from awsprocesscreds.
I run into this if my default profile is set to use awsprocesscreds-saml. The boto client that gets setup to handle the STS assume seems to need any profile with credentials to work properly.
For example
export AWS_DEFAULT_PROFILE=profile-with-existing-creds
aws s3 ls --profile profile-with-awsprocesscreds
Seems to always work. But
export AWS_DEFAULT_PROFILE=profile-with-awsprocesscreds
aws s3 ls
Will continue to prompt unless there are cached sts creds already. And for me it's prompting after receiving the saml assertion successfully.
Must be a bug in the way the boto client is getting setup.
from awsprocesscreds.
same problem here. i have several profiles set up but rather than adding --profile <profilename>
to every call, i tried to set AWS_PROFILE
and AWS_DEFAULT_PROFILE
to the profile i want to use and i keep getting prompted for the password.
from awsprocesscreds.
I am seeing the same issue as well federating with okta. If I run awsprocesscreds-saml with the -v flag. I successfully receive the SAML assertion but then I am reprompted for my password continually in a loop and I don't end up getting temporary credentials to use with the aws cli.
from awsprocesscreds.
Does seem to be an issue with using the default profile. If I delete my aws config and re-run everything having just a named profile in the config it works fine.
from awsprocesscreds.
That's odd that it's only occurring for the default profile. I'll look into it.
from awsprocesscreds.
I'm trying and failing to reproduce this. Is this happening when you're running code using boto3 or just from the CLI?
from awsprocesscreds.
I was able to reproduce this issue by removing my access keys for my default profile from ~/.aws/credentials
. It seems like when botocore creates a client it expects at least one set of credentials for logging into aws and will try using the default profile as one credential provider. So if the default profile doesn't have access keys (and there are no environment variables setting creds) then the password prompt from botocore shows up.
Here's how I dealt with the issue (#20) though I'm open to a more elegant solution too :)
from awsprocesscreds.
I've experienced the same issue as well. I don't think the issue is with awsprocesscreds, but rather with botocore itself. Like @git-phu said, botocore expects some credentials upon creation. When it can't find them, it instead executes the credential_process found in the config (if credential_process is in the profile being used), thus calling awsprocesscreds again.
from awsprocesscreds.
Related Issues (20)
- Feature Request: Support Google Login HOT 1
- Feature request: Ability to accept additional input from end-user HOT 2
- F5 SSO provider HOT 2
- CLI option for specifying User Agent HOT 1
- --verbose parameter causes json parsing issue HOT 2
- Support for AWS SSO? HOT 11
- Can't use a default profile
- ssl error - cant ignore HOT 2
- json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0) HOT 1
- Plug-in Architecture for Authenticators
- HTML Parsing is not robust enough
- Code is posting form back to url specified in configuration, not to the url you are on
- Support for setting DurationSeconds(MaxSessionDuration) during AssumeRoleWithSaml
- Support for disabling ssl verification
- Okta broken HOT 5
- Support for Duo Security MFA HOT 1
- Support for Shibboleth IdPv3 and shibcas authenticator
- Is the Credential Provider have to use the Windows password?
- Okta
- Archive project
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from awsprocesscreds.