
Okta broken (awsprocesscreds, OPEN)

lapkritinis commented on July 27, 2024
Okta broken

from awsprocesscreds.

Comments (5)

cybercussion commented on July 27, 2024

Having a similar problem. I get a different response on / off VPN.

Off VPN I match the above.

On VPN I get:

awsprocesscreds-saml -e https://organization.okta.com/login/default -u '[email protected]' -p okta -a arn:aws:iam::1234567890123:role/AWS_Role_Name --verbose
Password:
Sending HTTP POST with username ([email protected]) and password to Okta API endpoint: https://organization.okta.com/api/v1/authn
Received HTTP response of status code: 200
Traceback (most recent call last):
  File "/usr/local/bin/awsprocesscreds-saml", line 8, in <module>
    sys.exit(saml())
  File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/cli.py", line 81, in saml
    creds = fetcher.fetch_credentials()
  File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 353, in fetch_credentials
    creds = super(SAMLCredentialFetcher, self).fetch_credentials()
  File "/usr/local/lib/python3.7/site-packages/botocore/credentials.py", line 566, in fetch_credentials
    return self._get_cached_credentials()
  File "/usr/local/lib/python3.7/site-packages/botocore/credentials.py", line 576, in _get_cached_credentials
    response = self._get_credentials()
  File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 362, in _get_credentials
    kwargs = self._get_assume_role_kwargs()
  File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 403, in _get_assume_role_kwargs
    assertion = self._authenticator.retrieve_saml_assertion(config)
  File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 245, in retrieve_saml_assertion
    r = self._extract_saml_assertion_from_response(response.text)
  File "/usr/local/lib/python3.7/site-packages/awsprocesscreds/saml.py", line 210, in _extract_saml_assertion_from_response
    raise SAMLError(self._ERROR_LOGIN_FAILED)
awsprocesscreds.saml.SAMLError: Login failed, could not retrieve SAML assertion. Double check you have entered your password correctly.

LarsLarsLars commented on July 27, 2024

Hello, same results for the VPN on / VPN off cases.

With VPN:
  File "c:\users\XXXl\appdata\local\programs\python\python39\lib\site-packages\awsprocesscreds\saml.py", line 210, in _extract_saml_assertion_from_response
    raise SAMLError(self._ERROR_LOGIN_FAILED)
awsprocesscreds.saml.SAMLError: Login failed, could not retrieve SAML assertion. Double check you have entered your password correctly.

My config file:
[image]

OS: W10, on PowerShell.

SOLVED
In order to use AWS CLI, in our ORG, we need to be members of a special Okta Group. So maybe check with your Org Cloud Admins.

sureshselvam01 commented on July 27, 2024

Hello,

It seems that Okta login no longer works. I am posting the error log (I replaced the sensitive information there).

username@MAC ~ % awsprocesscreds-saml --verbose -e https://organization.okta.com/app/amazon_aws/randomstringg/sso/saml -u '[email protected]' -p okta -a arn:aws:iam::1234567890:role/my-role

Password: 
Sending HTTP POST with username ([email protected]) and password to Okta API endpoint: https://organization.okta.com/api/v1/authn
Traceback (most recent call last):
  File "/Users/username/.pyenv/versions/3.8.0/bin/awsprocesscreds-saml", line 8, in <module>
    sys.exit(saml())
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/cli.py", line 81, in saml
    creds = fetcher.fetch_credentials()
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 353, in fetch_credentials
    creds = super(SAMLCredentialFetcher, self).fetch_credentials()
  File "/Users/username/.local/lib/python3.8/site-packages/botocore/credentials.py", line 643, in fetch_credentials
    return self._get_cached_credentials()
  File "/Users/username/.local/lib/python3.8/site-packages/botocore/credentials.py", line 653, in _get_cached_credentials
    response = self._get_credentials()
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 362, in _get_credentials
    kwargs = self._get_assume_role_kwargs()
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 403, in _get_assume_role_kwargs
    assertion = self._authenticator.retrieve_saml_assertion(config)
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 240, in retrieve_saml_assertion
    session_token = parsed['sessionToken']
KeyError: 'sessionToken'

I tried the same thing you did and got the same exception. Can you please help me get it resolved?

cybercussion commented on July 27, 2024

For me, the biggest issue I had was that the config file had these comments in it and Python was not ignoring them. I removed all the # statements.

lowtianwei commented on July 27, 2024

Hello,
It seems that Okta login no longer works. I am posting the error log (I replaced the sensitive information there).

username@MAC ~ % awsprocesscreds-saml --verbose -e https://organization.okta.com/app/amazon_aws/randomstringg/sso/saml -u '[email protected]' -p okta -a arn:aws:iam::1234567890:role/my-role

Password: 
Sending HTTP POST with username ([email protected]) and password to Okta API endpoint: https://organization.okta.com/api/v1/authn
Traceback (most recent call last):
  File "/Users/username/.pyenv/versions/3.8.0/bin/awsprocesscreds-saml", line 8, in <module>
    sys.exit(saml())
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/cli.py", line 81, in saml
    creds = fetcher.fetch_credentials()
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 353, in fetch_credentials
    creds = super(SAMLCredentialFetcher, self).fetch_credentials()
  File "/Users/username/.local/lib/python3.8/site-packages/botocore/credentials.py", line 643, in fetch_credentials
    return self._get_cached_credentials()
  File "/Users/username/.local/lib/python3.8/site-packages/botocore/credentials.py", line 653, in _get_cached_credentials
    response = self._get_credentials()
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 362, in _get_credentials
    kwargs = self._get_assume_role_kwargs()
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 403, in _get_assume_role_kwargs
    assertion = self._authenticator.retrieve_saml_assertion(config)
  File "/Users/username/.pyenv/versions/3.8.0/lib/python3.8/site-packages/awsprocesscreds/saml.py", line 240, in retrieve_saml_assertion
    session_token = parsed['sessionToken']
KeyError: 'sessionToken'

I tried the same thing you did and got the same exception. Can you please help me get it resolved?

I have the same issue as you. This is because the https:///api/v1/authn response does not have "sessionToken". I fixed this after resetting my Okta password. You have to use the new password to log in to the console first before testing again.
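
Added example, not part of the thread and not awsprocesscreds code: the tracebacks above end in KeyError because `parsed['sessionToken']` is read without first checking the `status` field that Okta's Authentication API returns. The Python below checks that status and reports why no token came back, without echoing any token into the output. `extract_session_token`, `describe` and `OktaAuthnError` are hypothetical names, and the sample bodies are constructed.

```python
import json

# Okta Authentication API transaction states that carry no sessionToken.
STATUS_HINTS = {
    "PASSWORD_EXPIRED": "password expired; reset it, then sign in to the console once",
    "MFA_REQUIRED": "a second factor is required; password-only login cannot finish",
    "MFA_ENROLL": "the account must enroll an MFA factor first",
    "LOCKED_OUT": "the account is locked out; ask an Okta admin to unlock it",
}


class OktaAuthnError(Exception):
    """Hypothetical error type: /api/v1/authn returned no usable sessionToken."""


def extract_session_token(body_text):
    """Return sessionToken from an /api/v1/authn body, or raise with the reason."""
    try:
        parsed = json.loads(body_text)
    except ValueError:
        raise OktaAuthnError("response body is not JSON") from None
    if not isinstance(parsed, dict):
        raise OktaAuthnError("unexpected JSON type in response")
    if "errorCode" in parsed:  # Okta error object, e.g. wrong credentials
        raise OktaAuthnError("Okta error %s: %s" % (
            parsed["errorCode"], parsed.get("errorSummary", "no summary")))
    status = parsed.get("status", "<missing>")
    token = parsed.get("sessionToken")
    if status != "SUCCESS" or not token:
        hint = STATUS_HINTS.get(status, "no sessionToken in response")
        # Report the status only; never echo stateToken or sessionToken into logs.
        raise OktaAuthnError("authn status %s: %s" % (status, hint))
    return token


def describe(body_text):
    """Return the token, or the diagnostic message a CLI would show instead."""
    try:
        return extract_session_token(body_text)
    except OktaAuthnError as exc:
        return str(exc)


# Constructed sample bodies; the token values are placeholders, not real tokens.
SAMPLE_SUCCESS = '{"status": "SUCCESS", "sessionToken": "EXAMPLE-SESSION-TOKEN"}'
SAMPLE_EXPIRED = '{"status": "PASSWORD_EXPIRED", "stateToken": "EXAMPLE-STATE-TOKEN"}'
SAMPLE_BAD_PW = '{"errorCode": "E0000004", "errorSummary": "Authentication failed"}'
```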
