Closed jpeacblth closed 1 year ago
@jpeacblth You shouldn't need to do that with the latest version of the tool. I increased the waits from 10 to 60 seconds. Can you ensure you have the latest version of the Untitled Goose Tool and run a pip install? Afterwards, run goosey auth --debug
and post your output here.
Hello,
I grabbed the latest version and did the pip install. Here is the results from my goosey auth --debug
Stacktrace:
RemoteError@chrome://remote/content/shared/RemoteError.sys.mjs:8:8
WebDriverError@chrome://remote/content/shared/webdriver/Errors.sys.mjs:182:5
UnexpectedAlertOpenError@chrome://remote/content/shared/webdriver/Errors.sys.mjs:508:5
GeckoDriver.prototype._handleUserPrompts@chrome://remote/content/marionette/driver.sys.mjs:2696:13
(auth.py:575)
2023-05-04 16:33:41,403 - auth - INFO - User authentication complete. (auth.py:584)
2023-05-04 16:33:45,421 - auth - DEBUG - App Authentication authority uri: https://login.microsoftonline.com/0c4d6a21-2cf4-4197-9333-aa5fadb76709 (auth.py:288)
2023-05-04 16:33:45,422 - auth - DEBUG - App authentication resource uri: https://graph.microsoft.com/.default (auth.py:289)
2023-05-04 16:33:45,811 - auth - DEBUG - App Authentication authority uri: https://login.microsoftonline.com/0c4d6a21-2cf4-4197-9333-aa5fadb76709 (auth.py:288)
2023-05-04 16:33:45,812 - auth - DEBUG - App authentication resource uri: https://api.securitycenter.microsoft.com/.default (auth.py:289)
2023-05-04 16:33:46,165 - auth - DEBUG - App Authentication authority uri: https://login.microsoftonline.com/0c4d6a21-2cf4-4197-9333-aa5fadb76709 (auth.py:288)
2023-05-04 16:33:46,168 - auth - DEBUG - App authentication resource uri: https://management.azure.com/.default (auth.py:289)
Thanks, if you run goosey auth --debug --interactive
, can you describe what is happening (the browser steps will show up on screen; please don't interact with the browser while it is attempting to authenticate as the user)? I'm unable to replicate the issue, so seeing what selenium looks like to the user can help me understand what is going on.
The authentication windows pop up and they appear to log-in without a problem. we do have SSO enabled, and it even looks like that it is getting passed. Things moved so quickly that I couldn't grab screenshots.
Not sure if it changes anything. But I think the IAM team setup the principal account as non-interactive log in.. it was set to application login.
Since you have SSO enabled, if you manually navigate to portal.azure.com
, does it just log you in?
no, it look is asking for me to login.
When you ran the tool with --interactive
, did the debug logs show the same error as you initially reported even though it seemed to log-in without an issue?
@jpeacblth Also, can you create a cloud-only account (without any on-premise connection) with the permissions needed? I think that will solve the SSO issue you are running into.
@victoriawallace-cisa , Hello. I was able to get the cloud account tested. It appears that resolved the problem. I did get an error, but I am guess it is due to permissions.
2023-05-22 15:36:39,237 - auth - INFO - Attempting to automatically auth via device code. You may have to accept MFA prompts. (auth.py:116) 2023-05-22 15:37:14,405 - auth - INFO - Device code authentication complete. (auth.py:279) 2023-05-22 15:37:18,415 - auth - INFO - Attempting to automatically auth as an user. You may have to accept MFA prompts. (auth.py:315) 2023-05-22 15:38:27,052 - auth - INFO - First tab: Obtained audit log cookies. (auth.py:523) 2023-05-22 15:38:27,069 - auth - ERROR - Error obtaining .AspNet cookie - admin.exchange.microsoft.com: 'NoneType' object has no attribute 'get' (auth.py:532) 2023-05-22 15:38:27,071 - auth - INFO - Third tab: Obtained Exchange cookies. (auth.py:541) 2023-05-22 15:38:27,091 - auth - INFO - Second tab: Exchange Control Panel cookies acquired. (auth.py:569) 2023-05-22 15:38:30,502 - auth - INFO - User authentication complete. (auth.py:584)
@jpeacblth Due to the fickleness of the Microsoft environment, you might have to re-auth until you don't receive an error message. I'll go ahead and add needing a cloud-only account to the readme in order to remediate this issue for future users.
I have the same errors show as @Pavel-Sushko in issue #9 with the below items. I did change the time to 120 and I still hit the same errors.
I then tried the above, but with the pip install, and it just reset items back to 10. tested with same output. Then changed to 120 and ran goosey auth.. same errors.
Stacktrace: RemoteError@chrome://remote/content/shared/RemoteError.sys.mjs:8:8 WebDriverError@chrome://remote/content/shared/webdriver/Errors.sys.mjs:182:5 NoSuchElementError@chrome://remote/content/shared/webdriver/Errors.sys.mjs:394:5 element.find/</<@chrome://remote/content/marionette/element.sys.mjs:134:16 (auth.py:575)
Originally posted by @victoriawallace-cisa in https://github.com/cisagov/untitledgoosetool/issues/9#issuecomment-1485981338