prolane / samltoawsstskeys

Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys.
MIT License
139 stars 91 forks source link

Error getting non Default credentials after Manifest v3 change #59

Closed hrast01 closed 1 year ago

hrast01 commented 1 year ago

I'm seeing a different error for all the non-Default profiles: INFO: assumeRole client.send will now be executed script.js:345 MalformedInput: UnknownError at Re (chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/lib/aws-sdk/lib/aws-js-sdk-bundle.js:2:57065) at chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/lib/aws-sdk/lib/aws-js-sdk-bundle.js:2:68463 at async chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/lib/aws-sdk/lib/aws-js-sdk-bundle.js:2:38494 at async chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/lib/aws-sdk/lib/aws-js-sdk-bundle.js:2:50282 at async On.retry (chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/lib/aws-sdk/lib/aws-js-sdk-bundle.js:2:89037) at async chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/lib/aws-sdk/lib/aws-js-sdk-bundle.js:2:116397 at async assumeRole (chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/background/script.js:331:22) at async onBeforeRequestEvent (chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/background/script.js:216:22) script.js:223 ERROR: Error when trying to assume additional IAM Role. script.js:224 TypeError: Cannot read properties of undefined (reading 'access_key_id') at onBeforeRequestEvent (script.js:219:83) "TypeError: Cannot read properties of undefined (reading 'access_key_id')\n at onBeforeRequestEvent (chrome-extension://ekniobabpcnfjgfbphhcolcinmnbehde/background/script.js:219:83)"

prolane commented 1 year ago

Hi @hrast01, thanks for reporting. Could you provide some more of the logs prior to this error?

nickcampau commented 1 year ago

The issue is caused when more than one role is available. The latest changes in the scripts.js file assignes the the incorrect object to the attributes_role_list_item variable. It should return the #text element instead like the following.

attributes_role_list_item = attributes_role_list[i]['#text'];
prolane commented 1 year ago

Ok I see, so you are saying this issue is simply a result of the first AssumeRoleWithSAML call not working because of issue #58 ? That makes sense. Lets first wait on #58 getting fixed then, before continuing on this one.

PS Using attributes_role_list[i]['#text'] is not the complete solution. This would break the extension for others. Its a little bit more complicated than that. The issue lies with the fact there are various ways to create the SAML Assertion xml. This results in different behaviour of the xml parser. But I'll get it sorted soon.

prolane commented 1 year ago

@nickcampau , https://github.com/prolane/samltoawsstskeys/commit/b198466f66ef5db8275db0c24c7f5395368491fb implements a changed configuration of the xmlparser. This allows for a consistent way of processing the claimed IAM roles. This means I was now able to change the code to referencing the #text key as suggested.

As mentioned in #58 , I've published v3.1 to the web store. As soon as Google finishes the review, the new version will be released. I'll keep using #58 as main discussion thread, therefore I'll close this issue.

@hrast01 , obviously you can reopen this issue if the above issue somehow remains while using v3.1.

DavidRHoffman commented 1 year ago

@prolane - I've got the v.3.1 update. With v3.0 I was getting the same error as was reported for #58, but now I am getting this error. Unless I am missing something, I don't think this has been resolved.

DavidRHoffman commented 1 year ago

image

prolane commented 1 year ago

@DavidRHoffman That looks like a different issue. I've created a new issue for this one. #61