cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License

Something went wrong - Could not find SAML response #138

Open max-rocket-internet opened 5 years ago

max-rocket-internet commented 5 years ago

I get this randomly these days. I am using the Google App to click Yes very quickly. If I retry later it seems to work.

Version: 0.0.31

I saved the HTML and it looks like this:

[Screenshot: Screen Shot 2019-07-02 at 14 23 29]

max-rocket-internet commented 5 years ago

Is there some way I can get more debug?

max-rocket-internet commented 5 years ago

Ahh I see there's a log level option. I'll post a log when it next happens.

LucasSymons commented 4 years ago

Getting this back as well, but these are my logs. This was running in a Docker container as I was getting the same failure at my CLI and wanted to test a different machine. So this is a fresh install.

bash-4.2# aws-google-auth -I C03*** -S **** --username ********* -d 3600 -R ap-southeast-2 -p default -k -a --save-failure-html
INFO:root:aws_google_auth: SAML cache not found
Google Password: 
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /o/saml2/initsso?idpid=******&spid=********&forceauthn=false HTTP/1.1" 302 0
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /ServiceLogin?passive=1209600&continue=https://accounts.google.com/o/saml2/initsso?idpid%3D******%26spid%3D********%26forceauthn%3Dfalse%26from_login%3D1%26as%3DZOZ7bp2FTvjT_jjKSfGsnQ&followup=https://accounts.google.com/o/saml2/initsso?idpid%3D******%26spid%3D********%26forceauthn%3Dfalse%26from_login%3D1%26as%3DZOZ7bp2FTvjT_jjKSfGsnQ&ltmpl=popup&oauth=1&faa=1&sarp=1&scc=1 HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/challenge/sl/password HTTP/1.1" 302 551
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /signin/challenge/az/3?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Fsaml2%2Finitsso%3Fidpid%3D******%26spid%3D********%26forceauthn%3Dfalse%26from_login%3D1%26as%3DZOZ7bp2FTvjT_jjKSfGsnQ&sarp=1&scc=1&checkedDomains=youtube&pstMsg=0&oauth=1&TL=APDPHBCNSlkerwc_sSzbCOe06A7aYRowq80PYJ2g4QAHSmqQgraltFJlwYoQ1tp_ HTTP/1.1" 200 None
Open the Google App, and tap 'Yes' on the prompt to sign in ...
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): content.googleapis.com:443
DEBUG:urllib3.connectionpool:https://content.googleapis.com:443 "POST /cryptauth/v1/authzen/awaittx?alt=json&key=AIzaSyCp406mobx24ph_NgrsN9Qp4wrgWJrDL54 HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/challenge/az/3 HTTP/1.1" 302 581
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /speedbump/changepassword?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Fsaml2%2Finitsso%3Fidpid%3D******%26spid%3D********%26forceauthn%3Dfalse%26from_login%3D1%26as%3DZOZ7bp2FTvjT_jjKSfGsnQ&sarp=1&scc=1&checkedDomains=youtube&checkConnection=youtube%3A1295%3A1&pstMsg=0&TL=APDPHBCNSlkerwc_sSzbCOe06A7aYRowq80PYJ2g4QAHSmqQgraltFJlwYoQ1tp_ HTTP/1.1" 200 None
ERROR:root:SAML lookup failed, storing failure page to 'saml.html' to assist with debugging.
Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug.

........ Never mind, after checking the HTML file I could see I just had to reset my password as it had expired.

stevemac007 commented 4 years ago

This is one of the weird behaviours with the Google auth - if you dig up any further symptoms that point at a cause we can resolve it - at the moment this just looks like a pain point.

stevemac007 commented 4 years ago

Is this still happening or can we close this issue? Usually points to an issue with the account's login status.

fpcyan commented 3 years ago

This is still failing for me. It times out before I get the notification on my phone to accept.

fpcyan commented 3 years ago

version 0.0.36

DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /o/saml2/initsso?idp...forceauthn=false HTTP/1.1" 302 0
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /ServiceLogin?passive=1209600&continue=https://accounts.google.com/o/saml2/initsso?idp...&followup=https://accounts.google.com/o/saml2/initsso?idp...26forceauthn%3Dfalse%26from_login%3D1%26as%3DbP7-...&ltmpl=popup&oauth=1&faa=1&sarp=1&scc=1 HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/v1/lookup HTTP/1.1" 302 568
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /signin/challenge/pwd/1?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Fsaml2%2Finitsso%3Fidp...26forceauthn%3Dfalse%26from_login%3D1%26as%...&sarp=1&scc=1&checkedDomains=youtube&pstMsg=0&oauth=1&ltmpl=popup&TL=... HTTP/1.1" 200 None
INFO:root:Handling new-style login page
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/challenge/pwd/1 HTTP/1.1" 302 567
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /signin/challenge/dp/5?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Fsaml2%2Finitsso%3Fid...%26forceauthn%3Dfalse%26from_login%3D1%26as%...&sarp=1&scc=1&checkedDomains=youtube&pstMsg=0&oauth=1&ltmpl=popup&TL=... HTTP/1.1" 200 None
ERROR:root:SAML lookup failed, storing failure page to 'saml.html' to assist with debugging.
Something went wrong - Could not find SAML response, check your credentials or use --save-failure-html to debug.

My phone pops up the challenge prompt, but this fails before I receive the challenge. It's timing out way too quickly.

abenhmeda commented 3 years ago

Likewise having the same issue. Any ideas?

fpcyan commented 3 years ago

I updated to the latest version of aws-google-auth and it worked perfectly. Highly recommend. :)

On Fri, Feb 12, 2021 at 6:24 AM Ahmed Ben-Hmeda notifications@github.com wrote:

Likewise having the same issue. Any ideas?


abenhmeda commented 3 years ago

> I updated to the latest version of aws-google-auth and it worked perfectly. Highly recommend. :)

I updated to 0.0.37 today and it worked. Cheers!

abdurrahmannagib commented 3 years ago

> > I updated to the latest version of aws-google-auth and it worked perfectly. Highly recommend. :)
>
> I updated to 0.0.37 today and it worked. Cheers!

same here

stevemac007 commented 3 years ago

Support for dp or Dual Prompt authentication was contributed in the 0.0.37 build.
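
As an added illustration (not part of the original thread and not code from aws-google-auth), the causes reported above can be read off the debug log: the last accounts.google.com page fetched before the `SAML lookup failed` line is the page that blocked the login. The function `diagnose`, the `KNOWN_PAGES` table and the sample log are constructed for this example.

```python
import re

# urllib3 debug lines look like:
#   DEBUG:urllib3.connectionpool:https://host:443 "GET /path?query HTTP/1.1" 302 0
# The optional \s tolerates a stray space after "https:" in pasted logs.
REQUEST_RE = re.compile(
    r'^DEBUG:urllib3\.connectionpool:https:\s?//(?P<host>[^:\s]+):\d+ '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
FAILURE_MARKER = "SAML lookup failed"

# Path prefix -> explanation, limited to the causes reported in this thread.
KNOWN_PAGES = [
    ("/speedbump/changepassword", "password expired; reset it in a browser"),
    ("/signin/challenge/dp/", "Dual Prompt (dp) challenge; support was added in 0.0.37"),
    ("/signin/challenge/az/", "stopped at the Google App prompt (az) challenge"),
]

# Constructed sample; the query-string values are placeholders, not real tokens.
SAMPLE_LOG = '''\
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /signin/challenge/pwd/1 HTTP/1.1" 302 567
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "GET /signin/challenge/dp/5?continue=PLACEHOLDER&TL=PLACEHOLDER HTTP/1.1" 200 None
ERROR:root:SAML lookup failed, storing failure page to 'saml.html' to assist with debugging.
'''

def diagnose(log_text):
    """Return (last_page_path, explanation), or (None, None) if no failure is logged."""
    last = None
    for line in log_text.splitlines():
        if FAILURE_MARKER in line:
            break
        m = REQUEST_RE.match(line)
        if m and m["host"] == "accounts.google.com" and m["method"] == "GET":
            # Keep the path only: the query string carries session values (TL=, as=).
            last = m["target"].split("?", 1)[0]
    else:
        return None, None  # the run never logged a SAML lookup failure
    if last is None:
        return None, "failure logged, but no accounts.google.com page was fetched before it"
    for prefix, reason in KNOWN_PAGES:
        if last.startswith(prefix):
            return last, reason
    return last, "unrecognised page; inspect saml.html"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

Because only the path is kept, the output can be pasted into an issue without exposing the session values that appear in the raw query strings.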