Open gene1wood opened 4 years ago
This appears to fail intermittently. When it works the sequence is
client_id of arn:aws:iam::015428540659:user/homepage which is apparently an AWS account that hosts AWS's signin stuff
And here's the failure case
https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3Fstate%3DhashArgs%2523%26isauthcode%3Dtrue
&client_id=arn%3Aaws%3Aiam%3A%3A015428540659%3Auser%2Fhomepage
&forceMobileApp=0
&code_challenge=REDACTED
&code_challenge_method=SHA-256
which serves up the AWS user password prompt
It looks like something's happened and the issuer value that we pass, which should tell AWS where to send the user after their session expires, isn't working any more.
When I return to a session after 12 hours, I get redirected to https://signin.aws.amazon.com/signin instead of the URL passed in the issuer value
Here's an example of a URL that federated-aws-rp sends me to which should set the issuer.
https://signin.aws.amazon.com/federation?Action=login&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome&SigninToken=XXXXREDACTEDXXXX&Issuer=https%3A%2F%2Faws.sso.mozilla.com%2F%3Faccount%3Dinfosec-prod%26role%3DMAWS-Admin
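A diagnostic sketch for the behaviour reported above, added here as an example and not taken from the post or from federated-aws-rp: it rebuilds the login URL with the Issuer encoded once as a nested URL, decodes a captured login URL to confirm what Issuer it carries, and classifies where a browser landed after session expiry. The function names and the `classify_landing` labels are hypothetical; the URLs are the ones quoted in the post, with the failure URL shortened.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"
# Login URL quoted in the post (token already redacted there).
POSTED_LOGIN_URL = (
    "https://signin.aws.amazon.com/federation?Action=login"
    "&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome"
    "&SigninToken=XXXXREDACTEDXXXX"
    "&Issuer=https%3A%2F%2Faws.sso.mozilla.com%2F%3Faccount%3Dinfosec-prod%26role%3DMAWS-Admin"
)
# Failure-case landing URL from the post, shortened to host, path and one parameter.
POSTED_FAILURE_URL = "https://signin.aws.amazon.com/signin?forceMobileApp=0"


def build_login_url(signin_token, destination, issuer):
    """Build the login URL; urlencode percent-encodes each value exactly once."""
    query = urlencode({"Action": "login", "Destination": destination,
                       "SigninToken": signin_token, "Issuer": issuer})
    return f"{FEDERATION_ENDPOINT}?{query}"


def inspect_login_url(url):
    """Decode a captured login URL and break the nested Issuer URL apart."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    issuer = urlsplit(params.get("Issuer", ""))
    return {
        "endpoint_ok": f"{parts.scheme}://{parts.netloc}{parts.path}" == FEDERATION_ENDPOINT,
        "issuer": params.get("Issuer"),
        "issuer_host": issuer.hostname,
        "issuer_params": {k: v[0] for k, v in parse_qs(issuer.query).items()},
    }


def classify_landing(url, expected_issuer):
    """Label the page reached after expiry: the issuer, the AWS password prompt, or other."""
    landed, expected = urlsplit(url), urlsplit(expected_issuer)
    if (landed.scheme, landed.hostname) == (expected.scheme, expected.hostname):
        return "issuer"
    if landed.hostname == "signin.aws.amazon.com" and landed.path == "/signin":
        return "aws-password-prompt"
    return "other"
```

Running `inspect_login_url` on the URL the relying party actually emitted separates an encoding problem on the sending side from a change in how AWS honours the Issuer value.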