search

ruimarinho / gsts

Obtain and store AWS STS credentials to interact with Amazon services by authenticating via G Suite SAML.
MIT License
212 stars 37 forks source link

headless chrome spins forever #68

Closed heydonovan closed 1 year ago

heydonovan commented 2 years ago

Several of our users have reported this issue and now it's happening for me as well. Maybe due to a brew update/upgrade? Not sure at what point it broke, since I only use it when credentials expire.

$ gsts --version
4.0.1

$ aws --version
aws-cli/2.7.2 Python/3.9.13 Darwin/21.4.0 source/x86_64 prompt/off

$ sw_vers
ProductName:    macOS
ProductVersion: 12.3.1
BuildVersion:   21E258

Any ideas on how to further troubleshoot this? When running gsts, the headless chrome window opens, but nothing ever happens. It also never times out. Opens two tabs too. As a workaround, we have added this flag to our refresh script --engine-executable-path '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome'.

If I open a new third tab in that headless chrome and copy/paste that URL, it'll load. Maybe an init issue?

$ gsts --idp-id=REDACTED --sp-id=REDACTED --aws-profile=REDACTED --aws-role-arn=arn:aws:iam::REDACTED:role/REDACTED --force --verbose
ℹ Attempting to retrieve session expiration credentials
ℹ Credentials file does not exist at /Users/donovanhernandez/.aws/credentials
ℹ Allowing request to "https://accounts.google.com/o/saml2/initsso?idpid=REDACTED&spid=REDACTED&forceauthn=false"
ℹ Allowing request to "https://ssl.gstatic.com/accounts/ui/avatar_2x.png"
ℹ Allowing request to "https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_112x36dp.png"
ℹ Allowing request to "https://ssl.gstatic.com/accounts/ui/wlogostrip_230x17_1x.png"
ℹ Allowing request to "https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2"
ℹ Allowing request to "https://accounts.google.com/generate_204?XYTAOQ"
⚠ User is not authenticated, spawning headful instance
ℹ Allowing request to "https://accounts.google.com/o/saml2/initsso?idpid=REDACTED&spid=REDACTED&forceauthn=false"

image

dholroyd commented 2 years ago

I had the same symptoms - my system is on Chrome 102.0.5005.61 (Ubuntu).

I downloaded Chrome 101, Linux_x64 which worked where the system provided Chrome didn't.

ruimarinho commented 1 year ago

Hi @heydonovan -- does this happen if you pass --engine=firefox?

ruimarinho commented 1 year ago

You'll be able to pass the following flags on the next major (https://github.com/ruimarinho/gsts/pull/82):


--playwright-engine
--playwright-engine-channel
--playwright-engine-executable-path
``

That will allow you to customise which browser engine and channel to use (.e.g `chromium` on the `chrome` channel). Sometimes requests can get stuck due to new detection techniques from Google, so changing browsers can prove helpful sometimes.