leapp
leapp copied to clipboard
Noovolari
AWS SSO Integration not working with GovCloud
Describe the bug
AWS SSO is available in GovCloud, but the start URLs are different than in Commercial regions. For example:
https://start.us-gov-west-1.us-gov-home.awsapps.com/directory/<directory-alias-or-id>
When attempting to configure an AWS SSO integration in Leapp for an instance in GovCloud, I get an error, "Error during SSO Login. Invalid SSO URL". But it's definitely valid, so I am guessing Leapp is parsing the URL and doing some validation, and just isn't aware of how the URL is structured in GovCloud.
Leapp Version Leapp v0.10.0
Screenshots
Hi have you tried to use the portal url that ends with /start for the AWS SSO in cloud gov. At the moment i have not AWS Single Sign-On to try if there is some problem but I will look at it deeply soon!
Edit: Following the AWS sso guide the portal url is the one expected by the AWS SSO oidc sdk: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-sso.html
Can you please provide Logs? You can find them here
Thanks for the contribution
Unfortunately, no logs are generated when I attempt to sign in to the Govcloud SSO integration.
There is no portal url in Govcloud AWS SSO that ends with /start. As the doc you linked mentioned, the portal url in Govcloud has the format:
-
https://start.us-gov-home.awsapps.com/directory/<IdentityStoreId>or -
https://start.us-gov-home.awsapps.com/directory/<CustomAlias>
Hi have you tried to use the portal url that ends with /start for the AWS SSO in cloud gov.
Need to test it deeper. With a AWS gov AWS sso
This should be solved now with v.0.16.0. I can close the issue now. Feel free to re-open the issue if the problem persists.
If there are some problem please provide us additional logs with the new version installed