prolane / samltoawsstskeys

Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys.
MIT License
139 stars 91 forks source link

Does not generate the file credentials. #65

Closed gtorrezan closed 1 year ago

gtorrezan commented 1 year ago

After the December update it is no longer generating the credentials file. This occurs in Chrome or Edge. Is there any configuration that needs to be done after the upgrade ? Thank you

prolane commented 1 year ago

Hi @gtorrezan Please check the errors in the logs. You can find instructions here: https://github.com/prolane/samltoawsstskeys#faq

gtorrezan commented 1 year ago

When you enable debug logs and perform access with it, the file is generated. Without opening the debug screen, the file is not generated

sander-bol commented 1 year ago

It appears that the service worker goes inactive after some time. Any change made to the extension, for example disabling/enabling, awakens the service worker and re-enables the functionality.

I've enabled the debug log so that tomorrow, when this happens again, I'll hopefully have something useful to report.

hephbond commented 1 year ago

I really wish this were fixed. I can confirm the behavior described in this issue. Without the debug window opened, it certainly does not download the credentials file.

prolane commented 1 year ago

@sbol-coolblue Were you able to find anything?

@patricktalmeida has made a suggestion in PR https://github.com/prolane/samltoawsstskeys/pull/66 to add a sort of keep-alive. I'm wondering if there are any more experiences if this could be of help?

function keepServiceRunning() {
  // Call this function again in 5 minutes to keep service worker alive
  setTimeout(keepServiceRunning, 300000);
}

keepServiceRunning();

I'm planning to rollout a new release in the next few days based on https://github.com/prolane/samltoawsstskeys/commit/6283f58e54fa81086f9369c8ca0878e409379d07. I could add the keep-alive and hope this will fix the service worker getting inactive.

patricktalmeida commented 1 year ago

@prolane I tested it a few times, it seemed to have worked at first, but no, it's not working 😞

hephbond commented 1 year ago

I found this post on StackOverflow which describes this issue and some possible options pretty well.

One thing I wanted to note for @patricktalmeida's keepServiceRunning() function was that:

The inactivity timer when no such requests or ports are open is even shorter: 30 seconds.

So maybe setTimeout(keepServiceRunning, 25000) would work?

If not, the "offscreen API" example looks promising.

prolane commented 1 year ago

@patricktalmeida Thanks for the heads up.

@hephbond Great, thanks for the link. There are certainly some suggestions to try. And indeed, perhaps the keep-alive every 20 seconds will do the job? I'll add this in the next release so we can see the effect.

Did you guys find a consistent way of reproducing the issue? I'm asking as I haven't been able to experience the issue myself. I'm using the extension to successfully get credentials at first. Then I'm just browsing other websites for 10 minutes. Afterwards I'm browsing to my IDP again to login to AWS. The extension still gets the credentials.

prolane commented 1 year ago

Yesterday I've released version 3.3. Hopefully the keep-alive like solution helps.

prolane commented 1 year ago

I'm not observing any stale service worker with 3.3. Not when I'm working for a few hours and then use the extension, nor do I see any issues when using the extension after the weekend for example.

Let me know if any of you do still see the issue. And if so, if there is any consist way you can reproduce the issue?

sander-bol commented 1 year ago

Hi Gerard - unfortunately I think I'm still seeing the issue happen. The workaround (disable extension, re-enable) has become muscle-memory by now, though so it might just be my mind playing tricks on me. I'll keep an eye out for it today.

It's a tricky one to find a reproduction case for, especially since the repro seems to depend on the passing of time, or some interaction with the laptop going into sleep/hibernation.

sander-bol commented 1 year ago

So far the issue has not appeared. Looks like the setTimeout() to keep the worker alive has indeed worked.

Thanks for the fix!

prolane commented 1 year ago

Awesome, thanks for the feedback @sbol-coolblue!