pfn / keepasshttp

KeePass plugin to expose password entries securely (256bit AES/CBC) over HTTP
GNU General Public License v3.0

Way to match url by advanced string field? #130

Open Zxurian opened 11 years ago

Zxurian commented 11 years ago

I looked over the docs but couldn't find an answer to my particular use case. Currently using ChromeIPass, here's the scenario

I manage a few different Amazon AWS accounts. My login urls for a particular AWS account are, https://000000000001.signin.aws.amazon.com/console, https://000000000002.signin.aws.amazon.com/console, etc. Within KeePass, I have entries setup like so

Title:     AWS System 1
User name: username1
Password:  ******
URL:       https://000000000001.signin.aws.amazon.com/console

The problem is that Amazon internally redirects that link to something like https://www.amazon.com/ap/signin?openid.assoc_handle=aws&openid.return_to=https%3A%2F%2Fsignin.aws.amazon.com%2Foauth%3Fresponse_type%3Dcode%26client_id%3Darn%253Aaws%253Aiam%253A%000000000000%253Auser%252Fhomepage%26redirect_uri%3Dhttps%253A%252F%252Fconsole.aws.amazon.com%252Fconsole%252Fhome%253Fstate%253DhashArgs%000000%2526isauthcode%253Dtrue%26noAuthCookie%3Dtrue&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&action=&disableCorpSignUp=&clientContext=&marketPlaceId=&poolName=00000000000&authCookies=&pageId=aws.iam&siteState=&accountStatusPolicy=P1&sso=&openid.pape.preferred_auth_policies=MultifactorPhysical&openid.pape.max_auth_age=120&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&server=%2Fap%2Fsignin%3Fie%3DUTF8&accountPoolAlias=00000000000&forceMobileApp=0

which KeePassHttp won't pick up as a url match, so it ends up filling in my regular amazon.com credentials, which isn't what I want.

Can I add an Advanced Field and have KeePassHttp scan that in addition to the Title & url fields for a match to fill in user/pass?

lsgd commented 11 years ago

What about the multi-credentials-option? If you have multiple credentials for an URL, you get a dropdown to select which one you want to fill-in.

Shouldn't this fit your use case?

delize commented 11 years ago

Would this be similar to something like:

https://domain/site1
https://domain/site2
https://domain/site3

I have all three of these and their different usernames and passwords in Keepass, but when I go to attempt to login to site2 for instance, site1 is filled in instead of site2. Same goes for site3, site 1 will be filled in.

Is there any way to resolve this?

Zxurian commented 11 years ago

Ispcity: Multi credentials doesn't really solve it, as one set of credentials would never be used in the url matching. A login for an aws iam login would never be the same as an amazon.com or a direct aws login, so the dropdown of credentials, while it technically would work, would be completely out of context. i.e. https://000000000001.signin.aws.amazon.com/console would use user@company.com/password, while https://amazon.com would use myownemail@domain.com/password2

Since Amazon has its redirect authentication portal, KeePass matches against the original domain, which happens to be amazon.com for both, so it never offers to fill in user@company.com/password.

I think it's similar to delize's issue, keepasshttp only matches against the domain itself, not any part of the url, so in cases where a login is specific to part of a url, not just the domain, then it doesn't fill it in.

A regex match option would probably solve the issue.
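An added example (not KeePassHttp's own code) of the difference the comment above is describing: matching on the base domain alone makes every amazon.com page pull in every amazon.com entry, whereas a per-entry regex over the full URL (query string included) keeps the AWS account's credentials tied to that account. The `url_regex` field, the sample entries and the shortened redirect URL are all constructed for the illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample vault, modelled on the entries described in this thread
# (account ids and addresses are placeholders). "url_regex" is a hypothetical
# advanced field holding the regex the issue asks for.
ENTRIES = [
    {"title": "Amazon shopping", "user": "myownemail@domain.com",
     "url": "https://www.amazon.com/"},
    {"title": "AWS System 1", "user": "user@company.com",
     "url": "https://000000000001.signin.aws.amazon.com/console",
     "url_regex": r"^https://(000000000001\.signin\.aws\.amazon\.com/"
                  r"|www\.amazon\.com/ap/signin\?.*%253A000000000001%253Auser)"},
]

# Constructed stand-in for the double-encoded redirect Amazon sends the
# per-account console login through; the account id survives inside client_id.
REDIRECT = ("https://www.amazon.com/ap/signin?openid.assoc_handle=aws"
            "&openid.return_to=https%3A%2F%2Fsignin.aws.amazon.com%2Foauth"
            "%3Fclient_id%3Darn%253Aaws%253Aiam%253A%253A000000000001%253Auser")

def base_domain(url):
    """Coarse key: the last two host labels, so every amazon.com host collides."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def match_by_domain(entries, page_url):
    """Domain-only matching as the thread describes it: any amazon.com page
    pulls in every amazon.com entry, shopping credentials included."""
    key = base_domain(page_url)
    return [e["title"] for e in entries if base_domain(e["url"]) == key]

def match_by_pattern(entries, page_url):
    """Pattern-first matching: entries with url_regex are tested against the
    full URL; only if none matches do we fall back to an exact host compare."""
    hits = [e["title"] for e in entries
            if "url_regex" in e and re.match(e["url_regex"], page_url)]
    if hits:
        return hits
    host = urlparse(page_url).hostname
    return [e["title"] for e in entries
            if "url_regex" not in e and urlparse(e["url"]).hostname == host]

if __name__ == "__main__":
    for url in (REDIRECT, "https://000000000002.signin.aws.amazon.com/console"):
        print(url[:50], match_by_domain(ENTRIES, url), match_by_pattern(ENTRIES, url))
```

Note that the second console URL (account ...0002) gets no credentials at all under pattern matching, rather than the unrelated shopping login that domain-only matching offers.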

ericsopa commented 9 years ago

Zxurian,

I'm having the exact same problem, did you ever figure out a solution using KeePass? I've got the latest version of KeePassHttp and chromeIPass and I'm still having the exact same problem.

-Paul

ericsopa commented 9 years ago

lukas-schulze,

I've got multi-credentials setup but there are a couple of things that don't match my use case. One which I would say is pretty common, so an investment in a solution would be broadly applicable.

Use Case: I have many AWS console accounts to manage. They can be differentiated by different domains like:

admin1.signin.aws.amazon.com/console
admin2.signin.aws.amazon.com/console
admin3.signin.aws.amazon.com/console

PROBLEM 1 - This URL is redirected to something like: https://signin.aws.amazon.com/oauth?SignatureVersion=4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ABCDEFGHIJKLMNOPQRSTUVE&X-Amz-Date=2014-12-22T21%3A45%3A07.463Z&X-Amz-Signature=J2H3KJH324KJH32KJ4H32J4H32H4K32H4KJ32H4KJ32H432KJH432KH&X-Amz-SignedHeaders=host&client_id=arn%3Aaws%3Aiam%3A%1234567890%3Auser%2Fhomepage&redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3Fstate%3DhashArgs%2523%26isauthcode%3Dtrue&response_type=code&state=hashArgs%23

Apparently KeePass ignores the first URL and only examines the 2nd URL. And more precisely, only recognizes the second URL's domain name. (more on this later). Because of this I have to create a second entry and link it as per http://sourceforge.net/p/keepass/discussion/329221/thread/50470cc5

It would be great if I could setup KeePass with a single entry that handled the re-direct.

PROBLEM 2 - Since KeePass only recognizes the domain name, all my 2nd entries end up with the same domain and thus I am presented with a list of credentials to choose from. The list would be so long as to not fit on my screen. And would introduce unwanted complexity to both the config and usage of KeePass.

As it stands now I'll have to find another solution.

What would be great would be a single entry in KeePass that handles the redirect and associates the credentials with the first URL. I think it's just a matter of ignoring the 2nd URL in the context of credentials and just populating the username/password fields of whatever ends up in the browser.

Any assistance would be greatly appreciated.

Thanks,

Paul

ericsopa commented 9 years ago

So I managed to figure out an acceptable config and workflow.

I am able to have a single entry for each AWS account. I am able to handle the URL re-direct from Amazon.

Config

On the Entry tab:
Title:
User name:
URL: .signin.aws.amazon.com

On Auto-Type tab:
Create a custom sequence for specific windows:
Target Window: Amazon Web Services Sign-In - Google Chrome

Workflow

With KeePass open:

1. Double click the URL for any given Entry.
2. Click on the "User Name:" field so the insertion point is flashing in the input field.
3. Press Ctrl + Alt + A.

KeePass will then display a list of username/passwords for you to choose from, click on the one that matches the "Account:" field. At this point KeePass should fill in the "User Name:" and "Password:" fields and press

The only problem with this config and workflow is that it is not as efficient as I would like. I'm already hunting and selecting the username/password I want in KeePass. I have to do that a second time and press a 3-key combination. It would be much faster if after selecting the username/password in KeePass that it just did all the rest of the work.

The problem appears to be a collision between Amazon's inability to provide uniqueness where KeePass seems to need it (at the URL domain and Window Title) and KeePass's inability to parse out full URLs, as Amazon does provide a URL option (X-Amz-Signature) that is unique for each account.

I consider the above config and workflow a 'work around' and would prefer that KeePass be modified to make AWS login simpler.

Thanks,

Paul

ericsopa commented 9 years ago

Found a gotcha in the above. The list of accounts is displayed in a dialog ordered chronologically, not alphabetically. This will make searching for the correct account all the more difficult.

To login to AWS, there are 3 fields:

Account
User Name
Password

The "Account" field is always populated with something unique for each account. Is there some way to get KeePass to read that field and make a login decision based on that?

ericsopa commented 9 years ago

Why can't KeePass be configured thusly:

Go to this URL, ignore a redirect, and when Username/password fields are presented, populate.

This type of configuration appears to be impossible, because KeePass is fixated on the final, not the initial URL/Window Name.

How hard would it be to modify KeePass to behave in this way?

pfn commented 9 years ago

This is keepasshttp, not keepass

On Tue, Dec 23, 2014 at 1:58 PM, ericsopa notifications@github.com wrote:

> Why can't KeePass be configured thusly:
>
> Go to this URL, ignore a redirect, and when Username/password fields are presented, populate.
>
> This type of configuration appears to be impossible, because KeePass is fixated on the final, not the initial URL/Window Name.
>
> How hard would it be to modify KeePass to behave in this way?
