Comments (10)
from gsts.
@ruimarinho thank you! it's working great!
from gsts.
Hi @limewxr!
Can you add a logging line on https://github.com/ruimarinho/gsts/blob/master/parser.js#L29:
```
console.log(require('util').inspect(saml.parsedSaml, { depth: null }));
```
And remove any sensitive information? The role attribute is not being found so there's probably something new coming from the XML response.
The message "This site can't be reached" is expected and ultimately should be a successful message. I'm not loading that page to conserve bandwidth, but it means your login worked.
from gsts.
Thanks @ruimarinho for your prompt reply!
Here's the log (sensitive information masked):
```
{
  attributes: [
    {
      name: 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
      value: [ '[email protected]' ]
    },
    {
      name: 'https://aws.amazon.com/SAML/Attributes/Role',
      value: [
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx',
        'arn:aws:iam::xxxxxxxxxx:role/xxxxxxxxxx,arn:aws:iam::xxxxxxxxxx:saml-provider/xxxxxxxxxx'
      ]
    },
    {
      name: 'https://aws.amazon.com/SAML/Attributes/SessionDuration',
      value: [ '43200' ]
    }
  ]
}
```
from gsts.
OK, I think I know why this happens and how to reproduce:
This happens when I try to assume an IAM role that's not granted to me, i.e. not in the Role list.
So, the question becomes if we can handle this error in a more elegant way, e.g. tell the user that the username and password are valid, but the role specified by the user does not exist or is not granted to the user?
Appreciate your thoughts on this, thanks!
from gsts.
By the way, an issue with the aws-google-auth project is that its "Invalid username or password" error message is misleading.
It took our users a long time to retry the correct password quite a few times and on different computers, when the actual error was not a username or password issue at all, but the JavaScript requirement that Google is rolling out.
So I really would appreciate it if you can help make sure that gsts gives the accurate error message to users to avoid unnecessary frustration. Thanks!
from gsts.
I'm running into this issue for a role that I have access to. It works fine from the console but not with gsts.
from gsts.
If I omit the role ARN flag, it works against one of the roles. But I can't figure out how to switch to other roles.
from gsts.
@limewxr thank you for the sample response. I already had a test for multiple roles but the issue was in capturing the 'role not found' error. I took the opportunity to make the result more descriptive as per @saada's suggestion.
I have fixed one tiny bug related to the principal associated with the role ARN (not observed in your case) just in case you are assigned a profile with a different identity provider (unlikely).
@saada could you please open a new issue if it still persists after upgrading to 2.2.1? The `Invalid username or password` issue does not apply to gsts because the UI is used for authentication. There is no parsing or scraping done so you see what you get.
from gsts.
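The failure mode discussed in this thread (a requested role ARN that is not among the values of the SAML `Role` attribute) handled with a descriptive error, as an added example that is not gsts source code. `parseRoles`, `selectRole`, `RoleNotFoundError` and the sample account IDs and provider names are hypothetical; matching the two ARNs by shape rather than by position is a defensive choice of this example.

```javascript
// Added example, not gsts source. Names and sample values are hypothetical.
const ROLE_ATTRIBUTE = 'https://aws.amazon.com/SAML/Attributes/Role';
const ROLE_ARN = /^arn:aws[\w-]*:iam::\d{12}:role\/.+$/;
const PROVIDER_ARN = /^arn:aws[\w-]*:iam::\d{12}:saml-provider\/.+$/;

class RoleNotFoundError extends Error {
  constructor(requested, available) {
    super(`Authentication succeeded, but role "${requested}" is not granted ` +
      `in the SAML response. Available roles: ${available.join(', ') || '(none)'}`);
    this.name = 'RoleNotFoundError';
    this.available = available;
  }
}

// Split every Role value into its role ARN and identity-provider (principal) ARN.
function parseRoles(parsedSaml) {
  const attr = (parsedSaml.attributes || []).find((a) => a.name === ROLE_ATTRIBUTE);
  if (!attr) throw new Error(`SAML response has no ${ROLE_ATTRIBUTE} attribute`);
  return attr.value.map((raw) => {
    const parts = raw.split(',').map((s) => s.trim());
    const roleArn = parts.find((p) => ROLE_ARN.test(p));
    const principalArn = parts.find((p) => PROVIDER_ARN.test(p));
    if (parts.length !== 2 || !roleArn || !principalArn) {
      throw new Error(`Malformed Role attribute value: ${raw}`);
    }
    return { roleArn, principalArn };
  });
}

// Return the pair for the requested role, keeping the principal that was
// listed with it; fail with the granted roles when there is no match.
function selectRole(parsedSaml, requestedArn) {
  const roles = parseRoles(parsedSaml);
  const match = roles.find((r) => r.roleArn === requestedArn);
  if (!match) throw new RoleNotFoundError(requestedArn, roles.map((r) => r.roleArn));
  return match;
}

// Constructed sample in the shape of the log posted in the thread
// (two identity providers, ARNs in mixed order).
const SAMPLE = {
  attributes: [
    { name: 'https://aws.amazon.com/SAML/Attributes/SessionDuration', value: ['43200'] },
    { name: ROLE_ATTRIBUTE, value: [
      'arn:aws:iam::111111111111:role/dev,arn:aws:iam::111111111111:saml-provider/idp-a',
      'arn:aws:iam::222222222222:saml-provider/idp-b,arn:aws:iam::222222222222:role/audit',
    ] },
  ],
};

console.log(selectRole(SAMPLE, 'arn:aws:iam::222222222222:role/audit'));
```

Carrying the available role ARNs on the error lets the caller tell a user that the login itself worked and which roles the identity provider actually granted.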
@limewxr @saada in case you're interested, I've published a new version with a revamped UI as [email protected]. Would be great to have your feedback!
from gsts.