New AWS Okta SSO authentication approach #197

Open
maxtacu opened this issue Jun 21, 2022 · 1 comment

@maxtacu

maxtacu commented Jun 21, 2022

Token retrieval fails
Only if your organization switches to the new SSO auth approach described here
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
and here https://www.okta.com/blog/2020/05/how-okta-aws-sso-simplifies-admin-and-adds-cli-support/
then you might face issues described below

To Reproduce
Steps to reproduce the behavior:

  1. Configure a working ~/.okta-aws file with profiles
  2. okta-awscli -s and select any profile
  3. Enter credentials for login
  4. See an error something like this:
ERROR - No Extra Verification
Traceback (most recent call last):
  File "/Users/mtacu/.pyenv/versions/3.8.13/bin/okta-awscli", line 33, in <module>
    sys.exit(load_entry_point('okta-awscli', 'console_scripts', 'okta-awscli')())
  File "/Users/mtacu/.pyenv/versions/3.8.13/lib/python3.8/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/Users/mtacu/.pyenv/versions/3.8.13/lib/python3.8/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/Users/mtacu/.pyenv/versions/3.8.13/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/mtacu/.pyenv/versions/3.8.13/lib/python3.8/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/Users/mtacu/maxdoesdevops/okta-awscli/oktaawscli/okta_awscli.py", line 141, in main
    get_credentials(
  File "/Users/mtacu/maxdoesdevops/okta-awscli/oktaawscli/okta_awscli.py", line 36, in get_credentials
    _, assertion = okta.get_assertion()
  File "/Users/mtacu/maxdoesdevops/okta-awscli/oktaawscli/okta_auth.py", line 165, in get_assertion
    assertion = self.get_saml_assertion(resp)
  File "/Users/mtacu/maxdoesdevops/okta-awscli/oktaawscli/okta_auth.py", line 149, in get_saml_assertion
    self.logger.error("SAML assertion not valid: " + assertion)
TypeError: can only concatenate str (not "NoneType") to str

Environment (please complete the following information):

  • Any OS environment because the error comes from Okta due to changed auth approach

Additional context
Issue is created to track development progress and inform other users of a known issue. Further updates about this issue will be posted here.
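
The traceback above ends in an error-logging line that concatenates a `None` assertion to a string, so the log call itself crashes and hides the real failure. The sketch below is an added example, not okta-awscli code: it shows one way to fail cleanly when the IdP response carries no assertion, and to avoid writing the assertion (a bearer credential) to the log. It assumes the assertion arrives as a hidden `SAMLResponse` form field, as in the SAML HTTP-POST binding; `SamlFormParser`, `AssertionMissing`, `extract_assertion` and the sample pages are hypothetical names and constructed data.

```python
import base64
import logging
from html.parser import HTMLParser

logger = logging.getLogger("saml_example")  # hypothetical logger name


class SamlFormParser(HTMLParser):
    """Collects the value of <input name="SAMLResponse"> if the page has one."""

    def __init__(self):
        super().__init__()
        self.assertion = None

    def handle_starttag(self, tag, attrs):
        fields = dict(attrs)
        if tag == "input" and fields.get("name") == "SAMLResponse":
            self.assertion = fields.get("value")


class AssertionMissing(Exception):
    """Raised when the IdP response carries no usable SAML assertion."""


def extract_assertion(html):
    """Return the decoded assertion bytes, or raise AssertionMissing."""
    parser = SamlFormParser()
    parser.feed(html)
    assertion = parser.assertion
    if not assertion:
        # None never reaches string concatenation: %-style args format safely.
        logger.error("No SAMLResponse field in IdP response (%d bytes of HTML)", len(html))
        raise AssertionMissing("IdP response contained no SAML assertion")
    try:
        return base64.b64decode(assertion, validate=True)
    except ValueError:
        # Log the size only: the assertion itself is a bearer credential.
        logger.error("SAMLResponse is not valid base64 (%d chars)", len(assertion))
        raise AssertionMissing("SAML assertion is not valid base64") from None


# Constructed sample pages, not real Okta output.
PAGE_WITH_ASSERTION = (
    '<form><input type="hidden" name="SAMLResponse" value="%s"/></form>'
    % base64.b64encode(b"<samlp:Response/>").decode()
)
PAGE_WITHOUT_ASSERTION = "<html><body>Extra verification required</body></html>"
```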

@TryTryAgain

Same, it does appear to work when MFA is disabled but that's not gonna work for us.
