venth / aws-adfs

Command line tool to ease aws cli authentication against ADFS (multi factor authentication with active directory)
MIT License
286 stars 99 forks

Initial aws-adfs login fails due to connection forcibly closed #390

Open maxsolo96 opened 1 year ago

maxsolo96 commented 1 year ago

I installed the tool using pip on Windows Server 2012R2. Executing the following command:

aws-adfs login --adfs-host=<adfs-hostname>

results in the following error:

```text
Traceback (most recent call last):
  File "c:\users\user1\appdata\local\programs\python\python38\lib\site-packages\urllib3\connectionpool.py", line 714, in urlopen
    httplib_response = self._make_request(
  File "c:\users\user1\appdata\local\programs\python\python38\lib\site-packages\urllib3\connectionpool.py", line 403, in _make_request
    self._validate_conn(conn)
  File "c:\users\user1\appdata\local\programs\python\python38\lib\site-packages\urllib3\connectionpool.py", line 1053, in _validate_conn
    conn.connect()
  File "c:\users\user1\appdata\local\programs\python\python38\lib\site-packages\urllib3\connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
  File "c:\users\user1\appdata\local\programs\python\python38\lib\site-packages\urllib3\util\ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "c:\users\user1\appdata\local\programs\python\python38\lib\site-packages\urllib3\util\ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "c:\users\user1\appdata\local\programs\python\python38\lib\ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "c:\users\user1\appdata\local\programs\python\python38\lib\ssl.py", line 1040, in _create
    self.do_handshake()
  File "c:\users\user1\appdata\local\programs\python\python38\lib\ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host
```

Tried adding username and password flags as well but it was futile. Is there something I am missing?

mattmauriello commented 5 months ago

A bit late to respond here, but based on the log I'm guessing your SSL handshake is failing. If your ADFS host is using a certificate issued by a corporate internal CA, the libraries that aws-adfs is using for SSL likely do not include it in their trust store. I had this issue not for ADFS, but when connecting out for MFA. I had to add the target's CA certificate to the site-packages/certifi/cacert.pem file under the aws-adfs virtualenv to overcome that issue.
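A way to pin down which failure is actually occurring, and to trust an internal CA without editing certifi's bundle, as an added example that is not part of the aws-adfs project or of either commenter's text. It uses only the Python standard library (the tool's own language, and the `ssl` module the traceback ends in); the hostname `adfs.example.internal` and the bundle path are placeholders. Two points it makes explicit: a `ConnectionResetError` raised inside `do_handshake()` means the peer (or a middlebox in between) tore down the TCP session mid-handshake, which is a different exception from the `SSLCertVerificationError` that an untrusted CA produces, so the probe classifies them separately; and an extra CA is loaded with `load_verify_locations()` on top of the default trust store rather than by appending to `cacert.pem`, which the next `pip` upgrade of `certifi` silently rewrites.

```python
"""Diagnose a failing TLS handshake to an ADFS host and build a verifying
client context that also trusts a corporate CA bundle.

Hypothetical helper, not part of aws-adfs. Standard library only; the
default hostname and the bundle path are placeholders.
"""
import hashlib
import socket
import ssl
import sys

ADFS_PORT = 443


def make_context(extra_ca_bundle=None):
    """Return a verifying client context (hostname check + CERT_REQUIRED).

    If extra_ca_bundle is given (PEM file holding the internal CA chain) it is
    loaded IN ADDITION to the default trust store, so public roots keep working.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: ADFS offers TLS 1.2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if extra_ca_bundle:
        ctx.load_verify_locations(cafile=extra_ca_bundle)
    return ctx


def classify_handshake_error(exc):
    """Map an exception raised by wrap_socket()/do_handshake() to a likely cause.

    Order matters: SSLCertVerificationError is a subclass of SSLError, and both
    are subclasses of OSError, as is ConnectionResetError (WinError 10054 /
    ECONNRESET), so the most specific class is tested first.
    """
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "untrusted_ca"      # chain does not end in a CA this context trusts
    if isinstance(exc, ssl.SSLError):
        return "tls_negotiation"   # TLS alert from the peer: version/cipher/SNI mismatch
    if isinstance(exc, ConnectionResetError):
        return "peer_reset"        # peer or middlebox dropped the TCP session mid-handshake
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, OSError):
        return "network"           # DNS failure, connection refused, unreachable
    return "unknown"


def probe(host, port=ADFS_PORT, extra_ca_bundle=None, timeout=10):
    """Open one TLS connection and return either the negotiated parameters
    or the classified failure, as a dict that callers can inspect."""
    ctx = make_context(extra_ca_bundle)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                leaf_der = tls.getpeercert(binary_form=True)
                return {
                    "ok": True,
                    "protocol": tls.version(),
                    "cipher": tls.cipher()[0],
                    "leaf_sha256": hashlib.sha256(leaf_der).hexdigest(),
                }
    except Exception as exc:  # classify everything, including non-TLS errors
        return {"ok": False, "cause": classify_handshake_error(exc), "detail": repr(exc)}


def peer_leaf_fingerprint(host, port=ADFS_PORT, timeout=10):
    """Fetch the server's leaf certificate WITHOUT verification, solely to get
    a SHA-256 fingerprint to compare against what the PKI team publishes
    before any CA is added to a bundle. Never reuse this context for traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # binary_form=True returns the DER even when the chain was not validated
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "adfs.example.internal"  # placeholder
    bundle = sys.argv[2] if len(sys.argv) > 2 else None                   # e.g. C:\pki\corp-ca.pem
    result = probe(host, extra_ca_bundle=bundle)
    print(result)
    if not result["ok"] and result["cause"] == "untrusted_ca":
        print("leaf fingerprint, verify out of band:", peer_leaf_fingerprint(host))
```

Run it as `python tls_probe.py <adfs-hostname> C:\pki\corp-ca.pem`. A `peer_reset` result reproduces the exception in the report and points at the server or a device in the path rather than at the trust store; `untrusted_ca` is the case the second comment describes. For aws-adfs itself, which reaches the server through `requests`/`urllib3` (the traceback's frames), setting the `REQUESTS_CA_BUNDLE` environment variable to the same PEM file makes `requests` verify against it; that variable replaces the default bundle rather than extending it, so the file must also carry any public roots the MFA provider needs. Disabling verification, as `peer_leaf_fingerprint()` does, is only ever a diagnostic step.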