Versent / saml2aws

CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
https://github.com/Versent/saml2aws
MIT License

Issue configuring PingOne as identity provider from the cli #1294

Closed drnushooz closed 4 months ago

drnushooz commented 5 months ago

I am encountering an issue while trying to configure PingOne as the IdP from the command line when it is passed as an option for --idp-provider in the saml2aws configure command. Below is an example.

saml2aws configure \
    --idp-provider=PingOne \
    --username=$(whoami) \
    --region=us-east-1 \
    --url=<IDP URI> \
    --idp-account=test \
    --profile=saml \
    --cache-saml \
    --mfa=Auto \
    --skip-prompt

saml2aws: error: enum value must be one of Akamai,AzureAD,ADFS,ADFS2,Browser,GoogleApps,Ping,JumpCloud,Okta,OneLogin,PSU,KeyCloak,F5APM,Shibboleth,ShibbolethECP,NetIQ,Auth0, got 'PingOne', try --help

If the IdP is configured without the CLI option, it is a valid choice in the drop-down. This makes it difficult to use the configure command in a non-interactive environment. It appears that main.go has a list of hardcoded providers. This list should probably come from a variable.

tinaboyce commented 4 months ago

Thanks for spending the time to raise this issue! Made a PR: https://github.com/Versent/saml2aws/pull/1305

Luckily, the interactive drop-down to select the provider is already provided by the handy function input.go#L17-#L21, so all I had to do was copy the same function and use it to replace the list of hard-coded providers main.go#L75.

Below is using the locally built binary against the PR I made for this issue:

➜  saml2aws_darwin_arm64 git:(1294-missing-idp-provider) ✗ ./saml2aws configure --idp-provider=PingOn
saml2aws: error: enum value must be one of ADFS,ADFS2,Akamai,Auth0,Authentik,AzureAD,Browser,F5APM,GoogleApps,JumpCloud,KeyCloak,NetIQ,Okta,OneLogin,Ping,PingNTLM,PingOne,Shibboleth,ShibbolethECP, got 'PingOn', try --help
➜  saml2aws_darwin_arm64 git:(1294-missing-idp-provider) ✗ ./saml2aws configure --idp-provider=PingOne
? Please choose a provider:  [Use arrows to move, type to filter]
  Okta
  OneLogin
  Ping
  PingNTLM
> PingOne
  Shibboleth
  ShibbolethECP
failed to input configuration: error selecting provider file: bad input
➜  saml2aws_darwin_arm64 git:(1294-missing-idp-provider) ✗

tinaboyce commented 3 months ago

@drnushooz just letting you know the changes made to fix this issue have been included in the new release (v2.36.17).

drnushooz commented 3 months ago

> @drnushooz just letting you know the changes made to fix this issue have been included in the new release (v2.36.17).

Thank you, I will take the new version for a spin.
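
The hardcoded-list problem discussed in this thread, sketched as an added Go example; it is not saml2aws code and not part of any comment above. The names `providerMFAs`, `legacyEnum`, `ProviderNames`, `ValidateProvider` and `MissingFromEnum` are hypothetical and the provider data is constructed; it shows flag validation reading the same registry as the prompt, plus a drift check that flags a hand-maintained list missing an entry.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// providerMFAs: hypothetical registry (constructed data) read by both the prompt and the flag check.
var providerMFAs = map[string][]string{"Okta": {"Auto"}, "Ping": {"Auto"}, "PingOne": {"Auto"}}

// legacyEnum imitates a hand-maintained flag list that missed PingOne (constructed).
var legacyEnum = []string{"Okta", "Ping"}

// ProviderNames returns the registry keys, sorted.
func ProviderNames() []string {
	names := make([]string, 0, len(providerMFAs))
	for n := range providerMFAs {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

// ValidateProvider checks a provider flag value against the registry itself.
func ValidateProvider(name string) error {
	if _, ok := providerMFAs[name]; ok {
		return nil
	}
	return fmt.Errorf("enum value must be one of %s, got '%s'", strings.Join(ProviderNames(), ","), name)
}

// MissingFromEnum lists registry providers that a hardcoded list omits.
func MissingFromEnum(enum []string) []string {
	listed := map[string]bool{}
	for _, e := range enum {
		listed[e] = true
	}
	var missing []string
	for _, n := range ProviderNames() {
		if !listed[n] {
			missing = append(missing, n)
		}
	}
	return missing
}

func main() {
	fmt.Println(MissingFromEnum(legacyEnum), ValidateProvider("PingOne"), ValidateProvider("PingOn"))
}
```

A unit test asserting that `MissingFromEnum` returns nothing for whatever list the CLI flag uses would fail the build as soon as a provider is registered without being exposed to non-interactive callers.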