Versent / saml2aws

CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
https://github.com/Versent/saml2aws
MIT License

Support: Recent SSO "improvement" by JumpCloud affecting saml auth #240

Closed CholtonATX closed 6 years ago

CholtonATX commented 6 years ago

Following a recent email from JumpCloud regarding a "new and improved SSO sign in experience", my coworker and I have recently both been unable to authenticate via saml2aws login. I have logged a support request with them for clarification.

Nothing has been changed on either the JumpCloud side or the AWS side that would affect this environment. When I run saml2aws --verbose login, this is my result:

DEBU[0000] Running                                       command=login
DEBU[0000] check if Creds Exist                          command=login
DEBU[0000] Expand                                        name=/Users/cholton/.aws/credentials pkg=awsconfig
DEBU[0000] resolveSymlink                                name=/Users/cholton/.aws/credentials pkg=awsconfig
DEBU[0000] ensureConfigExists                            filename=/Users/cholton/.aws/credentials pkg=awsconfig
Using IDP Account default to access JumpCloud https://sso.jumpcloud.com/saml2/aws*****
DEBU[0000] Get credentials                               helper=osxkeychain serverURL="https://sso.jumpcloud.com/saml2/aws-admin"
DEBU[0000] Get credentials                               helper=osxkeychain user=cholton@******.com
To use saved password just hit enter.
? Username cholton@enthought.com
? Password

DEBU[0004] building provider                             command=login idpAccount="account {\n  URL: https://sso.jumpcloud.com/saml2/aws-admin\n  Username: cholton@******.com\n  Provider: JumpCloud\n  MFA: Auto\n  SkipVerify: false\n  AmazonWebservicesURN: urn:amazon:webservices\n  SessionDuration: 3600\n  Profile: saml\n}"
Authenticating as cholton@******.com ...
unable to locate IDP authentication form submit URL
error authenticating to IdP
github.com/versent/saml2aws/cmd/saml2aws/commands.Login
    /Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:67
main.main
    /Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:125
runtime.main
    /usr/local/Cellar/go/1.11/libexec/src/runtime/proc.go:201
runtime.goexit
    /usr/local/Cellar/go/1.11/libexec/src/runtime/asm_amd64.s:1333

vr00n commented 6 years ago

Same.

bendrio commented 6 years ago

Yep, really bad timing for this...

bendrio commented 6 years ago

I submitted a ticket and then, in the response, they stated that support was gone for the day. Who the hell pushes changes like that and then leaves for the day?

tomgoren commented 6 years ago

Looks like this commit should fix the issue, and we're just waiting for a new release.

wolfeidau commented 6 years ago

@tomgoren There is now a release for this, if you can report back on its status that would be amazing.

Thanks

Kwasniewski commented 6 years ago

Hey @wolfeidau works great for us!

You would make my day if you could bump the tap also.

wolfeidau commented 6 years ago

🚢 ed

Happy aws'ing.

CholtonATX commented 6 years ago

Thanks y'all. FTR, this is the response I got from JC Support:

Hi Christian,
Thanks for reaching out to JumpCloud Support. I’m sorry you’ve run into these issues, but please check out the following links to help with this:

https://github.com/Versent/saml2aws/issues/230

https://github.com/Versent/saml2aws/issues/237

Apologies for the interruption.

CholtonATX commented 6 years ago

Just updated and it's working. Cheers.