Noovolari / leapp

Leapp is the DevTool to access your cloud
https://www.leapp.cloud/
Mozilla Public License 2.0

When AWS SSO session expires, Leapp doesn't refresh the global session #342

Open lordgordon opened 1 year ago

lordgordon commented 1 year ago

Describe the bug

My AWS SSO session expires after a few hours. When this happens, every time I run a command that requires AWS credentials, Leapp opens the browser to re-authenticate. Unfortunately, this only authenticates the single session, not the whole integration.

A workaround is to remember to log out of and then log back in to the AWS SSO integration in order to be able to work without further interruptions and browser popups.

To Reproduce

Steps to reproduce the behavior:

  1. Log in to the AWS SSO integration -> the browser pops up to authorize the integration.
  2. Start a session.
  3. Run multiple aws commands (e.g. aws sts get-caller-identity). It works without interruptions.
  4. Wait till the session expires.
  5. Run any aws command, e.g. aws sts get-caller-identity -> the browser pops up to authorize the session.
  6. Running the same command again, the browser pops up again.

Expected behavior

I would like an automated way for Leapp to re-authenticate the main AWS SSO integration, to avoid manually logging out and logging in each time my main session expires.

Screenshots n.a.

Desktop (please complete the following information):

Additional context

AWS SSO using Okta as IdP, the session duration is set by Okta.

Using the process-credential method with Leapp CLI.

andreacavagna01 commented 1 year ago

Thanks for reporting this.

It's not clear to me what your problem is.

If there is a Session online from the Credential process, we can check if the credentials are online and not expired. If yes, we ask for the login. It's more an enhancement than a bug, I think.

Hogue3pi commented 2 months ago

I have the same issue. I consider this broken functionality, not an enhancement.
The issue is this: When my SSO session expires and I run an AWS CLI command, Leapp opens a new tab in the browser to authenticate, as expected. However, this authorization does not refresh the SSO session. It appears to do nothing. I have to open the Leapp UI and login to the integration there to refresh the session.

Expected Behavior

Leapp should use the triggered authorization workflow to refresh the SSO session, so that the command can continue without needing to switch to the Leapp UI and log in.

Details

Browser: Chrome on macOS
IdP: Okta
AWS Credential Method: credential-process-method