Open lordgordon opened 1 year ago
Thanks for reporting this.
It's not clear to me what your problem is.
If there is a Session online from the Credential process, we can check if the credentials are online and not expired. If yes, we ask for the login. It's more an enhancement than a bug I think
I have the same issue. I consider this broken functionality, not an enhancement.
The issue is this: When my SSO session expires and I run an AWS CLI command, Leapp opens a new tab in the browser to authenticate, as expected. However, this authorization does not refresh the SSO session. It appears to do nothing. I have to open the Leapp UI and login to the integration there to refresh the session.
Expected Behavior Leapp should use the triggered authorization workflow to refresh the SSO session, so that the command can continue without needing to switch to the Leaap UI and login.
Details Browser: Chrome on MacOS IdP: Okta AWS Credential Method: credential-process-method
Describe the bug My AWS SSO session expires after a few hours. When this happens, every time I run a command that requires AWS credentials Leapp opens the browser to re-authenticate. Unfortunately, this only authenticates the single session, not the whole integration.
A workaround is to remember to logout and then login again the AWS SSO integration in order to be able to work without further interruptions and browser popups.
To Reproduce Steps to reproduce the behavior:
aws sts get-caller-identity
). It works without interruptions.aws sts get-caller-identity
-> the browser popups to authorize the session.Expected behavior I would like an automated way so that Leapp re-authenticate the main AWS SSO integration, to avoid to do manually the logout and login each time my main session expires.
Screenshots n.a.
Desktop (please complete the following information):
macOS
12.6 (21G115)
0.14.3
Additional context
AWS SSO using Okta as IdP, the session duration is set by Okta.
Using the process-credential method with Leapp cli.