Comments (5)
Having a similar problem. I get a different response on / off VPN.
Off VPN I match the above.
On VPN I get:
awsprocesscreds-saml -e https://organization.okta.com/login/default -u '[email protected]' -p okta -a arn:aws:iam::1234567890123:role/AWS_Role_Name --verbose
Password:
Sending HTTP POST with username ([email protected]) and password to Okta API endpoint: https://organization.okta.com/api/v1/authn
Received HTTP response of status code: 200
Traceback (most recent call last):
File "/usr/local/bin/awsprocesscreds-saml", line 8, in <module>
sys.exit(saml())
File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/cli.py", line 81, in saml
creds = fetcher.fetch_credentials()
File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 353, in fetch_credentials
creds = super(SAMLCredentialFetcher, self).fetch_credentials()
File "/usr/local/lib/python3.7/site-packages/botocore/credentials.py", line 566, in fetch_credentials
return self._get_cached_credentials()
File "/usr/local/lib/python3.7/site-packages/botocore/credentials.py", line 576, in _get_cached_credentials
response = self._get_credentials()
File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 362, in _get_credentials
kwargs = self._get_assume_role_kwargs()
File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 403, in _get_assume_role_kwargs
assertion = self._authenticator.retrieve_saml_assertion(config)
File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 245, in retrieve_saml_assertion
r = self._extract_saml_assertion_from_response(response.text)
File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 210, in _extract_saml_assertion_from_response
raise SAMLError(self._ERROR_LOGIN_FAILED)
awsprocesscreds.saml.SAMLError: Login failed, could not retrieve SAML assertion. Double check you have entered your password correctly.
from awsprocesscreds.
Hello, Same results for the VPN on/VPN Off cases.
With VPN :
File "c:\users\XXXl\appdata\local\programs\python\python39\lib\site-packages\awsprocesscreds\saml.py", line 210, in _extract_saml_assertion_from_response
raise SAMLError(self._ERROR_LOGIN_FAILED)
awsprocesscreds.saml.SAMLError: Login failed, could not retrieve SAML assertion. Double check you have entered your password correctly.
OS : W10, on Powershell,.
SOLVED
In order to use AWS CLI, in our ORG, we need to be members of a special Okta Group. So maybe check with your Org Cloud Admins.
from awsprocesscreds.
Hello,
It seems that okta login no longer works. I am putting error log (I replaced there sensitive information)
username@MAC ~ % awsprocesscreds-saml --verbose -e https://organization.okta.com/app/amazon_aws/randomstringg/sso/saml -u '[email protected]' -p okta -a arn:aws:iam::1234567890:role/my-role Password: Sending HTTP POST with username ([email protected]) and password to Okta API endpoint: https://organization.okta.com/api/v1/authn Traceback (most recent call last): File "/Users/username/.pyenv/versions/3.8.0/bin/awsprocesscreds-saml", line 8, in <module> sys.exit(saml()) File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/cli.py", line 81, in saml creds = fetcher.fetch_credentials() File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 353, in fetch_credentials creds = super(SAMLCredentialFetcher, self).fetch_credentials() File "/Users/username/.local/lib/python3.8/site-packages/botocore/credentials.py", line 643, in fetch_credentials return self._get_cached_credentials() File "/Users/username/.local/lib/python3.8/site-packages/botocore/credentials.py", line 653, in _get_cached_credentials response = self._get_credentials() File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 362, in _get_credentials kwargs = self._get_assume_role_kwargs() File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 403, in _get_assume_role_kwargs assertion = self._authenticator.retrieve_saml_assertion(config) File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 240, in retrieve_saml_assertion session_token = parsed['sessionToken'] KeyError: 'sessionToken'
I tried the same what you did and got the same exception. Can you please help me out to get it resolve
from awsprocesscreds.
For me the biggest issue I had was the config file had these comments in it and python was not ignoring them. I removed all the # statements.
from awsprocesscreds.
Hello,
It seems that okta login no longer works. I am putting error log (I replaced there sensitive information)username@MAC ~ % awsprocesscreds-saml --verbose -e https://organization.okta.com/app/amazon_aws/randomstringg/sso/saml -u '[email protected]' -p okta -a arn:aws:iam::1234567890:role/my-role Password: Sending HTTP POST with username ([email protected]) and password to Okta API endpoint: https://organization.okta.com/api/v1/authn Traceback (most recent call last): File "/Users/username/.pyenv/versions/3.8.0/bin/awsprocesscreds-saml", line 8, in <module> sys.exit(saml()) File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/cli.py", line 81, in saml creds = fetcher.fetch_credentials() File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 353, in fetch_credentials creds = super(SAMLCredentialFetcher, self).fetch_credentials() File "/Users/username/.local/lib/python3.8/site-packages/botocore/credentials.py", line 643, in fetch_credentials return self._get_cached_credentials() File "/Users/username/.local/lib/python3.8/site-packages/botocore/credentials.py", line 653, in _get_cached_credentials response = self._get_credentials() File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 362, in _get_credentials kwargs = self._get_assume_role_kwargs() File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 403, in _get_assume_role_kwargs assertion = self._authenticator.retrieve_saml_assertion(config) File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 240, in retrieve_saml_assertion session_token = parsed['sessionToken'] KeyError: 'sessionToken'
I tried the same what you did and got the same exception. Can you please help me out to get it resolve
I have the same issue as you. This is because https:///api/v1/authn response does not have "sessionToken". I fix this after reset okta password. You have to use the new password to login to console first before test again.
from awsprocesscreds.
Related Issues (20)
- Feature Request: Support Google Login HOT 1
- Feature request: Ability to accept additional input from end-user HOT 2
- F5 SSO provider HOT 2
- CLI option for specifying User Agent HOT 1
- --verbose parameter causes json parsing issue HOT 2
- Support for AWS SSO? HOT 11
- Can't use a default profile
- ssl error - cant ignore HOT 2
- json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0) HOT 1
- Plug-in Architecture for Authenticators
- HTML Parsing is not robust enough
- Code is posting form back to url specified in configuration, not to the url you are on
- Support for setting DurationSeconds(MaxSessionDuration) during AssumeRoleWithSaml
- Support for disabling ssl verification
- Support for Duo Security MFA HOT 1
- Support for Shibboleth IdPv3 and shibcas authenticator
- Is the Credential Provider have to use the Windows password?
- Okta
- Archive project
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from awsprocesscreds.