ldaptive / aws-s3-sftp-azure-IdentityProvider

AWS Transfer for S3 Custom Identity Provider leveraging Azure AD
0 stars 3 forks

Issue with Lambda function #1

Closed Dhariaj closed 4 years ago

Dhariaj commented 4 years ago

I tried to implement this solution but we keep on getting the error

2020-04-20T21:06:09.151Z INFO Error: Get Token request returned http error: 400 and server response: { "error": "invalid_grant", "error_description": "AADSTS50034: The user account {EmailHidden} does not exist in the company . directory.

I have all the information properly filled out. Any help will be highly appreciated

ldaptive commented 4 years ago

Can you give me more info on where you are getting the error? If you are looking in CloudWatch, it should tell you what line the error is on, which will give me a better idea of where it is failing.

If you are having issues with your domain name, you can validate the domain by following this article: https://www.wintellect.com/using-onmicrosoft-com-azure-active-directory-accounts/

Alternatively, you can change the environment variable "PrincipleDomain" to the @yoursitehere.onmicrosoft.com format, which will change the user in the code to username@yoursitehere.onmicrosoft.com.

Dhariaj commented 4 years ago

at Logger.createError (/var/task/node_modules/adal-node/lib/log.js:216:13) at Request._callback (/var/task/node_modules/adal-node/lib/util.js:130:25) at Request.self.callback (/var/task/node_modules/request/request.js:185:22) at Request.emit (events.js:311:20) at Request. (/var/task/node_modules/request/request.js:1161:10) at Request.emit (events.js:311:20) at IncomingMessage. (/var/task/node_modules/request/request.js:1083:12) at Object.onceWrapper (events.js:417:28) at IncomingMessage.emit (events.js:323:22) at endReadableNT (_stream_readable.js:1204:12)

Dhariaj commented 4 years ago

One thing I noticed is that it will not accept my username in the format James.bond. I don't see the API Gateway or the Lambda function getting triggered, but if I pass my username as jbond, jb0007 or any other format without a period, then it invokes the Lambda function, but at that point that user does not belong to our directory in Azure. Are there any limits on using a period in the username?

ldaptive commented 4 years ago

Yes - unfortunately this is a limitation of AWS Transfer for SFTP. The SFTP server will not forward anything that does not match its username requirements. I can't find the forum post now, but I saw someone running into the same issue who chose to have users log in with an underscore, for example john.doe ==> john_doe, and then did a username.replace('_', '.') in the code in order to send the correct username. The function should work from that point of view.

Here are the username requirements from AWS.

"For Username, enter the user name. This user name must be a minimum of 3 and a maximum of 32 characters. You can use the following characters in the user name: a–z, A-Z, 0–9, underscore, and hyphen. The user name can't start with a hyphen." https://docs.aws.amazon.com/transfer/latest/userguide/getting-started-add-user.html

Let me know if you still run into issues.