Hello
I have been testing / setting up our integration of our AD to AWS for some time.
I have ADFS Auth /aws using a web browser using Server.domain.com/adfs/ls/IdpInitiatedSignon.aspx
Depending on if they are members of multiple AWS related ACLs; they get the AWS page to choose their role/account they want access to.
Users who only have 1 role, after authing to ADFS they are directly in the console.
I have this working with RSA as well as Duo setting the Party trust to require one of those as MFA.
I then was asked to get the CLI working. I decided to remove the need for MFA from ADFS to ease me into this newness, with the intention that once I got CLI working without MFA, then I would re-enable it (part of me wonders if there is something in this looking for a form of MFA).
Initially I had tried the "Samlapi_FormAuth_Adfs3.py" mentioned on an AWS blog, but didn't get very far.
I then switched over to this and I am having an issue after authenticating:
"2019-04-10 14:37:09,181 [authenticator authenticator.py:authenticate] [8840-MainProcess] [12400-MainThread] - ERROR: Cannot extract saml assertion. Re-authentication needed?
This account does not have access to any roles"
PIP Freeze Data
asn1crypto==0.24.0
astroid==1.6.5
aws-adfs==1.13.0
awscli==1.16.140
backports.functools-lru-cache==1.5
beautifulsoup4==4.7.1
boto==2.49.0
boto3==1.9.130
botocore==1.12.130
bs4==0.0.1
certifi==2019.3.9
cffi==1.12.2
chardet==3.0.4
Click==7.0
colorama==0.3.9
configparser==3.7.4
cryptography==2.6.1
docutils==0.14
enum34==1.1.6
futures==3.2.0
idna==2.8
ipaddress==1.0.22
isort==4.3.16
jmespath==0.9.4
lazy-object-proxy==1.3.1
lxml==4.3.3
mccabe==0.6.1
pyasn1==0.4.5
pycparser==2.19
pylint==1.9.4
pyOpenSSL==19.0.0
pypiwin32==223
python-dateutil==2.8.0
pywin32==224
PyYAML==3.13
requests==2.21.0
requests-negotiate-sspi==0.5.2
rsa==3.4.2
s3transfer==0.2.0
singledispatch==3.4.0.3
six==1.12.0
soupsieve==1.9
style==1.1.0
update==0.0.1
urllib3==1.24.1
wrapt==1.11.1
I'm a little green when it comes to Python and not sure where to actually start.
But as I mentioned, from a browser it all works.
I've also run the reset aws profile, and no dice.
I followed similar threads with the same error, though they ref adfs4. I still tried altering the language settings, but no dice.
Any assistance would be greatly appreciated.
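One way to tell apart the two conditions named in the error above is to check a saved copy of the ADFS sign-in response page for a SAML assertion and list the AWS roles it carries. This is an added example, not part of the original post and not aws-adfs's own code; it assumes the page was saved as HTML and delivers the assertion in a hidden `SAMLResponse` form field, and the sample data and account id are constructed.

```python
import base64
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

class SamlFormParser(HTMLParser):
    """Records the value of <input name="SAMLResponse">, if the page has one."""
    saml_response = None

    def handle_starttag(self, tag, attrs):
        fields = dict(attrs)
        if tag == "input" and fields.get("name") == "SAMLResponse":
            self.saml_response = fields.get("value")

def roles_from_adfs_html(html):
    """Return (status, [(role_arn, principal_arn), ...]) for a saved page."""
    parser = SamlFormParser()
    parser.feed(html)
    if not parser.saml_response:
        return "no-assertion", []  # login form, MFA prompt or error page
    # Local troubleshooting only: signature and conditions are not validated.
    root = ET.fromstring(base64.b64decode(parser.saml_response))
    roles = []
    for attr in root.iter(NS + "Attribute"):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iter(NS + "AttributeValue"):
            arns = [a.strip() for a in (value.text or "").split(",")]
            # Handle either ordering of the two ARNs by matching on type.
            role = next((a for a in arns if ":role/" in a), None)
            principal = next((a for a in arns if ":saml-provider/" in a), None)
            if role and principal:
                roles.append((role, principal))
    return ("ok" if roles else "no-roles"), roles

# Constructed sample (placeholder account id and names), not real ADFS output.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><AttributeStatement>'
    '<Attribute Name="%s"><AttributeValue>arn:aws:iam::111122223333:saml-provider/ADFS,'
    'arn:aws:iam::111122223333:role/ADFS-ReadOnly</AttributeValue></Attribute>'
    '</AttributeStatement></Assertion></samlp:Response>' % ROLE_ATTR
)
SAMPLE_HTML = '<form><input type="hidden" name="SAMLResponse" value="%s"/></form>' % (
    base64.b64encode(SAMPLE_XML.encode()).decode())

if __name__ == "__main__":
    print(roles_from_adfs_html(SAMPLE_HTML))
```

A `no-assertion` result means the saved page is still a login, MFA or error form, while `no-roles` means an assertion was issued but its claim rules produced no Role attribute values.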