WTFender / aws-sso-extender

Browser Extension for AWS SSO / Identity Center
https://wtfender.com/posts/aws-sso-extender
MIT License
66 stars 11 forks

Not working in AWS China #97

Open erikhakansson opened 10 months ago

erikhakansson commented 10 months ago

Extension Version

1.7.6

Description

SSO logins in AWS China aren't picked up as in ROW.

Might be because they are initiated from awsapps.cn instead of awsapps.com?

Browsers

Chrome

OS

Linux

WTFender commented 9 months ago

There's a lot of .cn support missing, but it should be easy to add.

Let me figure out how to register an AWS China account 😅.

erikhakansson commented 9 months ago

Thanks! They have English versions of everything but are usually a few months behind ROW.

WTFender commented 9 months ago

I have not been able to get an AWS China account registered; it's free, but requires a lot of legitimate Chinese info I don't have.

@erikhakansson If you or anybody wanted to set me up as a user in an existing account, that'd help a ton, but otherwise I'll see what I can figure out - wtfender.cs@gmail.com

erikhakansson commented 9 months ago

Sorry, I don't have any such accesses. It's all federated centrally somewhere!

I'd love to help out with testing though.

0mnius commented 6 months ago

> I have not been able to get an AWS China account registered; it's free, but requires a lot of legitimate Chinese info I don't have.
>
> @erikhakansson If you or anybody wanted to set me up as a user in an existing account, that'd help a ton, but otherwise I'll see what I can figure out - wtfender.cs@gmail.com

I'm also interested in a feature/fix and would love to help. Will DM you on X with details.

WTFender commented 6 months ago

@0mnius lmk!

luk-kop commented 1 month ago

Hi, are there any updates regarding AWS China support?

luk-kop commented 1 month ago

I can confirm that AWS Access Portal in AWS China is different than outside China. In the China partition I have used https://start.home.awsapps.cn/directory/{directoryId} instead of https://{directoryId}.awsapps.com/start. If I am not wrong, this URL is set here.

WTFender commented 1 month ago

@luk-kop I haven't been able to set up or access a China account to work on this.

If anybody can invite/provide me permissions to one, happy to work on it.

WTFender commented 1 month ago

> I can confirm that AWS Access Portal in AWS China is different than outside China. In the China partition I have used https://start.home.awsapps.cn/directory/{directoryId} instead of https://{directoryId}.awsapps.com/start. If I am not wrong, this URL is set here.

I can add this soon, but won't be able to test it

luk-kop commented 1 month ago

Thanks, I will try to test it. Let me know if you add this change.

WTFender commented 1 month ago

I went to make this change today and I'll be honest that I'm not going to try it until I can get access to an account to test or significant insight into the URLs being used.

There are too many situations where I've hardcoded .com and need to figure out which to use... while assuming the URL format stays the same for CN (which it's already kinda different).

@luk-kop If you want to record a HAR file of you logging into AWS SSO (CN) and then clicking/logging into one of your AWS accounts, that may give me all the URL info I need. That HAR file will have sensitive info in it - you can send it to wtfender.cs[at]gmail.com.

luk-kop commented 1 month ago

Sure, I'll try to sanitize the HAR file (somehow) and send it in a few days

WTFender commented 3 weeks ago

@luk-kop key part is just making sure your username & password aren't captured.

All of your other tokens and cookies will expire (but I wouldn't blame you for being extra careful).

luk-kop commented 2 weeks ago

Hi @WTFender, you can find HAR files in your mailbox
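
One way to do the HAR sanitizing discussed above before sharing a capture, as an added example that is not part of the thread or of the extension's code. It keeps hosts and paths (the URL information asked for) and masks credentials, cookies, tokens and bodies; the names `sanitizeHar`, `SENSITIVE`, `MASK` and `SAMPLE`, the list of sensitive field names, and the sample entry are assumptions.

```javascript
// Added example; sanitizeHar, SENSITIVE, MASK and SAMPLE are hypothetical names.
const MASK = "REDACTED";
// Field names treated as secret-bearing (an assumption; extend as needed).
const SENSITIVE = /passw|username|token|authoriz|cookie|secret|session|credential|^code$/i;

// Keep scheme, host and path; mask sensitive query values and any fragment.
function maskUrl(raw) {
  if (!/^https?:/i.test(raw)) return raw;
  let url;
  try { url = new URL(raw); } catch { return raw; }
  for (const k of [...url.searchParams.keys()])
    if (SENSITIVE.test(k)) url.searchParams.set(k, MASK);
  if (url.hash) url.hash = MASK;
  return url.toString();
}

// Mask {name, value} pairs: HAR headers, cookies, query strings, form params.
const maskPairs = (pairs = [], all = false) => pairs.map((p) => ({
  ...p, value: all || SENSITIVE.test(p.name) ? MASK : maskUrl(String(p.value)),
}));

function sanitizeHar(har) {
  const copy = JSON.parse(JSON.stringify(har)); // HAR is plain JSON
  for (const { request: req, response: res } of copy.log.entries) {
    req.url = maskUrl(req.url);
    req.headers = maskPairs(req.headers);
    req.queryString = maskPairs(req.queryString);
    req.cookies = maskPairs(req.cookies, true);
    // Request bodies carry the login form; URLs are what is needed, so drop them.
    if (req.postData) req.postData = { mimeType: req.postData.mimeType, text: MASK };
    res.headers = maskPairs(res.headers);
    res.cookies = maskPairs(res.cookies, true);
    res.content = { ...res.content, text: MASK }; // bodies can embed tokens
    res.redirectURL = maskUrl(res.redirectURL || "");
  }
  return copy;
}

// Constructed sample entry (not captured traffic); directory id is a placeholder.
const SAMPLE = { log: { entries: [{
  request: {
    method: "POST", url: "https://start.home.awsapps.cn/directory/d-EXAMPLE?token=abc123",
    headers: [{ name: "Cookie", value: "sid=s3cr3t" }, { name: "Accept", value: "*/*" }],
    queryString: [{ name: "token", value: "abc123" }], cookies: [{ name: "sid", value: "s3cr3t" }],
    postData: { mimeType: "application/json", text: '{"username":"u","password":"p"}' },
  },
  response: { status: 302, headers: [{ name: "Set-Cookie", value: "sid=new" }], cookies: [],
    content: { mimeType: "text/html", text: "<html>token</html>" }, redirectURL: "" },
}] } };
```

The field-name list is a heuristic, so search the sanitized output for your own username and any known token prefix before sending it.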