Versent / saml2aws

CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
https://github.com/Versent/saml2aws
MIT License
2.09k stars 564 forks source link

saml2aws login hang at waiting state with provider=browser #1338

Open vanhoale opened 3 months ago

vanhoale commented 3 months ago

Hi,

I'm having an issue with saml2aws login with chrome browser provider, the below is verbose logs:

saml2aws login --verbose
DEBU[0000] Running                                       command=login
DEBU[0000] Check if creds exist.                         command=login
DEBU[0000] Expand                                        name=/Users/xxx/.aws/credentials pkg=awsconfig
DEBU[0000] resolveSymlink                                name=/Users/xxx/.aws/credentials pkg=awsconfig
DEBU[0000] ensureConfigExists                            filename=/Users/xxx/.aws/credentials pkg=awsconfig
Using IdP Account default to access Browser https://xxxxxx.signin.aws.amazon.com/console
DEBU[0000] Get credentials                               helper=osxkeychain serverURL="https://xxxxxx.signin.aws.amazon.com/console"
DEBU[0000] Get credentials                               helper=osxkeychain user=xxxxx
To use saved password just hit enter.
? Username xxxxx
? Password 

DEBU[0001] building provider                             command=login idpAccount="account {\n  URL: https://xxxxxx.signin.aws.amazon.com/console\n  Username: xxxxx\n  Provider: Browser\n  MFA: \n  SkipVerify: true\n  AmazonWebservicesURN: urn:amazon:webservices\n  SessionDuration: 3600\n  Profile: default\n  RoleARN: \n  Region: us-east-1\n}"
Authenticating as xxxxx ...
INFO[0002] Setting browser type: chromium                provider=browser
INFO[0004] opening browser                               URL="https://xxxxxx.signin.aws.amazon.com/console" provider=browser
INFO[0007] waiting ...                                   provider=browser
^C

It opened Chrome browser and I prompted username and password in the browser, but it never called back to the saml2aws session Did I do something wrong?

faridnsh commented 3 months ago

Hi @vanhoale,

Not a contributor, just a random stranger passing by. It looks like you are using AWS Identity Center(previously SSO) which I don't think this product supports. Couple of other issues for this: #1261 #1196