Could the TTL display be updated to include the units? I know from experience that the numbers represent hours, but the UI does not make that clear, and coming from a DNS background, my brain keeps wanting it to be seconds.

Description

A user who attempts to retrieve session keys using keyconjurer get may receive the error:

Error: failed to fetch SAML assertion

Reproduction steps

1. Have a user log into KeyConjurer.
2. Entitle the user to a new AWS application.
3. Have the user run keyconjurer accounts.
4. Have the user run keyconjurer get [account name of new application].

Okta may reject a request to exchange tokens using token exchange flow. If it does, the error is silently dropped, and the code continues, ultimately submitting an empty Oauth2 token to the SAML assertion endpoint, which results in the above error.

Resolution

Return an ErrUnauthorized error to the end-user if this occurs during the token exchange endpoint. It's not clear if the response code from Okta is HTTP 500, HTTP 403 or simply a non-200 HTTP response code; Standards indicate that the response code should be HTTP 400. We will simply treat any non-200 status code as an unauthorized error.

Repro Steps

1. Do primary auth
2. When the account dropdown appears, click on the background (anywhere works just not on the dropdown item itself)
3. Press "Request Keys"
4. Receive error

Description of Bug
By not directly selecting an item in the dropdown menu, the event that sets the AppID does not trigger. This puts the UI in a state where it looks like an account has been selected but the programmatic side doesn't see it.

trying to download keyconjurer from the frontend results in an error and keyconjurer.xml

I frequently find myself clicking the copy button, then pasting all of the commands, then re-running the command that needed AWS environment variables sent.

For a lot of things, this works great, but some of them also need the default region variable, and I forget to set that one.

It would help my workflow a bunch (especially since I don't use AWS often enough to remember what that env variable is without looking it up) if Key Conjurer had an optional dropdown to pick the region, and would add the command to set the region env variable based on that dropdown as well.

App just crashes if there is no Duo Device.

When looking for a Duo device from the Onelogin flow, the device signatures are parsed into an array which is not checked for bounds before further use.

device := &onelogin.Device{} for i, aDevice := range stateTokenResponse.Devices { if aDevice.DeviceType == "Duo Duo Security" { device = &stateTokenResponse.Devices[i] } } signatures := strings.Split(device.SignatureRequest, ":") txSignature := signatures[0] appSignature := signatures[1]

path: api/authenticators/onelogin_duo/authenticator.go
lines: 103-111

Failed logins give failure feedback but success logins do not provide any feedback.

Could we get a "Login Success!" message on success?

Currently a bad username/password combo results in error message: unable to get aws credentials

While that's true, it should actually describe the reason which is a bad username/password combo.

The help command should show the shortcuts for exporting to environments without having to copy/pasta.