nathan-v / aws_okta_keyman

AWS Okta Keyman (Key Manager) - An AWS + Okta CLI for generating and managing local AWS API keys
https://nathanv.com

AWS SSO Support (was IndexError: list index out of range) #128

Open korporationcl opened 2 years ago

korporationcl commented 2 years ago

Describe the bug
Hey @nathan-v, I was looking into your tool today but I'm hitting another issue right now that is related to:

11:25:18 (DEBUG) https://myorganisation.okta.com:443 "GET /app/amazon_aws_sso/application-id/sso/saml HTTP/1.1" 200 None
11:25:18 (INFO) Starting AWS session for us-east-1
11:25:18 (CRITICAL) 😬 Unhandled exception: list index out of range
11:25:18 (DEBUG) Traceback (most recent call last):
  File "/Users/username/opt/anaconda3/lib/python3.8/site-packages/aws_okta_keyman-0.9.0-py3.8.egg/aws_okta_keyman/keyman.py", line 87, in main
    result = self.aws_auth_loop()
  File "/Users/username/opt/anaconda3/lib/python3.8/site-packages/aws_okta_keyman-0.9.0-py3.8.egg/aws_okta_keyman/keyman.py", line 504, in aws_auth_loop
    session = self.start_session()
  File "/Users/username/opt/anaconda3/lib/python3.8/site-packages/aws_okta_keyman-0.9.0-py3.8.egg/aws_okta_keyman/keyman.py", line 474, in start_session
    session = aws.Session(
  File "/Users/username/opt/anaconda3/lib/python3.8/site-packages/aws_okta_keyman-0.9.0-py3.8.egg/aws_okta_keyman/aws.py", line 155, in __init__
    self.available_roles()
  File "/Users/username/opt/anaconda3/lib/python3.8/site-packages/aws_okta_keyman-0.9.0-py3.8.egg/aws_okta_keyman/aws.py", line 191, in available_roles
    for role in self.assertion.roles():
  File "/Users/username/opt/anaconda3/lib/python3.8/site-packages/aws_okta_keyman-0.9.0-py3.8.egg/aws_okta_keyman/aws_saml.py", line 54, in roles
    for x in roles_values[0]
IndexError: list index out of range

I noticed I had to rebuild the package since the AWS SSO integration in Okta has a different name (maybe Okta changed this without telling anyone).

diff --git a/aws_okta_keyman/okta_saml.py b/aws_okta_keyman/okta_saml.py
index b117ab7..7abfc48 100644
--- a/aws_okta_keyman/okta_saml.py
+++ b/aws_okta_keyman/okta_saml.py
@@ -89,7 +89,7 @@ class OktaSaml(okta.Okta):

         Returns: String SAML response
         """
-        path = "{url}/home/amazon_aws/{appid}".format(
+        path = "{url}/home/amazon_aws_sso/{appid}".format(
             url=self.base_url,
             appid=appid,
         )
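Review bot: swapping the hardcoded `amazon_aws` path for `amazon_aws_sso` only moves the failure: the traceback above shows `aws_saml.py` `roles()` still indexing `roles_values[0]`, which assumes an IAM-Federation-style assertion carrying the AWS Role attribute, and the `IndexError` means the response returned from the SSO app path does not carry it. Rather than replacing the string (which breaks every existing IAM Federation user of `get_assertion`), make the app path selectable (a config value or argument choosing between `amazon_aws` and `amazon_aws_sso`) and have the role parser raise a clear error when the Role attribute list is empty instead of letting the `IndexError` surface as an unhandled exception. The docstring in the context lines ("Returns: String SAML response") should also note which Okta app types the path is valid for.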

I'm happy to provide and help to troubleshoot the issue!

To Reproduce
Steps to reproduce the behavior:

  1. Download the package
  2. Run the configuration and validate my Okta credentials
  3. Error displayed after authenticating (twice)

Expected behavior
Not to crash

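The crash in the traceback above comes from indexing `roles_values[0]` when the SAML assertion carries no AWS Role attribute. The following is an added example, not code from aws_okta_keyman, showing how a SAML role parser can detect that case and fail with an actionable message instead of an IndexError. The function names (`parse_aws_roles`, `roles_or_error`) are hypothetical, the two sample SAMLResponses are constructed inline and unsigned, and the only fixed facts used are the SAML 2.0 assertion namespace and AWS's documented `https://aws.amazon.com/SAML/Attributes/Role` attribute whose values are `role ARN,saml-provider ARN` pairs in either order.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace and the attribute AWS uses for role mapping.
SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"


class MissingRoleAttribute(Exception):
    """Raised when an assertion carries no AWS Role attribute at all."""


def parse_aws_roles(saml_response_b64):
    """Return [(role_arn, provider_arn), ...] from a base64 SAMLResponse.

    Hypothetical helper (not the project's code). Raises MissingRoleAttribute
    with the attributes that *were* present, instead of an IndexError.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attributes = list(root.iterfind(".//saml2:Attribute", SAML_NS))
    values = [
        v
        for a in attributes
        if a.get("Name") == AWS_ROLE_ATTR
        for v in a.iterfind("saml2:AttributeValue", SAML_NS)
    ]
    if not values:
        present = sorted({a.get("Name") for a in attributes})
        raise MissingRoleAttribute(
            "SAML assertion has no %s attribute; attributes present: %s. "
            "Is the Okta app an AWS IAM Federation app rather than AWS SSO?"
            % (AWS_ROLE_ATTR, present)
        )
    roles = []
    for v in values:
        parts = [p.strip() for p in (v.text or "").split(",")]
        if len(parts) != 2:
            raise ValueError("malformed Role attribute value: %r" % v.text)
        # AWS accepts either order; normalise so the role ARN comes first.
        role_arn, provider_arn = sorted(parts, key=lambda p: ":saml-provider/" in p)
        roles.append((role_arn, provider_arn))
    return roles


def roles_or_error(saml_response_b64):
    """Turn the exception into a (roles, error) pair so a CLI can log and exit cleanly."""
    try:
        return parse_aws_roles(saml_response_b64), None
    except MissingRoleAttribute as exc:
        return [], str(exc)


def _assertion(attributes):
    """Build a minimal, unsigned SAMLResponse for the examples (constructed, not a real Okta response)."""
    attr_xml = "".join(
        '<saml2:Attribute Name="%s">%s</saml2:Attribute>'
        % (name, "".join("<saml2:AttributeValue>%s</saml2:AttributeValue>" % v for v in vals))
        for name, vals in attributes.items()
    )
    xml = (
        '<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml2:Assertion><saml2:AttributeStatement>%s</saml2:AttributeStatement>"
        "</saml2:Assertion></saml2p:Response>" % attr_xml
    )
    return base64.b64encode(xml.encode()).decode()


# Constructed sample 1: IAM-Federation-style assertion with two roles (account ID is a placeholder).
IAM_FEDERATION_RESPONSE = _assertion({
    AWS_ROLE_ATTR: [
        "arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/Okta",
        "arn:aws:iam::123456789012:saml-provider/Okta,arn:aws:iam::123456789012:role/Admin",
    ],
    "https://aws.amazon.com/SAML/Attributes/RoleSessionName": ["user@example.com"],
})
# Constructed sample 2: an assertion with no Role attribute, the shape that triggers the IndexError.
NO_ROLE_RESPONSE = _assertion({"email": ["user@example.com"]})

if __name__ == "__main__":
    for label, resp in (("iam-federation", IAM_FEDERATION_RESPONSE), ("no-role", NO_ROLE_RESPONSE)):
        roles, err = roles_or_error(resp)
        print(label, roles if err is None else "ERROR: " + err)
```

Running the block prints the two normalised role pairs for the first sample and a message naming the missing attribute and the attributes actually present for the second, which is the information a user needs to tell an IAM Federation app apart from an SSO app before filing a bug.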

nathan-v commented 2 years ago

@korporationcl Keyman isn't built for Okta's AWS SSO module; it works with AWS IAM Federation, which is why that URL doesn't match. They're different integrations and don't operate the same.

nathan-v commented 2 years ago

Reopening, I have support for AWS SSO in the works. It'll take a bit to get it to parity with the main features that interact with Okta, I think, but I have the first stages already working.

korporationcl commented 2 years ago

Thanks mate!

zwo-bot commented 2 years ago

@nathan-v I'm looking for a CLI tool that supports the AWS SSO app, but so far no one has implemented it and I was considering doing it myself. Can you maybe already share the current status of your implementation in a branch, so I can test and perhaps contribute?

nathan-v commented 2 years ago

@zwo-bot I'll try to push something soonish. I have the SSO part working but haven't had time since to get that integrated into the rest of the automation. Work priorities shifted but I hope to have some time soon.