saml2aws
2.15.0 and 2.16.0 failing to login with keychain errors on ubuntu 18.04
issue
saml2aws 2.15.0 and 2.16.0 are presenting keychain errors on my ubuntu 18.04 system, whereas 2.14.0 works without issue.
2.15.0 and 2.16.0 error examples
USER@SYSTEM:~$ saml2aws-215 --version
2.15.0
USER@SYSTEM:~$ saml2aws-215 login
Using IDP Account default to access ADFS <snipped ADFS URL>
ERRO[0000] stored credential malformed err="unexpected end of JSON input" helper=linuxkeyring
To use saved password just hit enter.
? Username <snipped user email>
? Password ********
Authenticating as <snipped user email> ...
error storing password in keychain: Cannot create an item in a locked collection
USER@SYSTEM:~$ saml2aws-216 --version
2.16.0
USER@SYSTEM:~$ saml2aws-216 login
Using IDP Account default to access ADFS <snipped ADFS URL>
ERRO[0000] stored credential malformed err="unexpected end of JSON input" helper=linuxkeyring
To use saved password just hit enter.
? Username <snipped user email>
? Password ********
Authenticating as <snipped user email> ...
error storing password in keychain: Cannot create an item in a locked collection
2.14.0 working as expected example
USER@SYSTEM:~$ saml2aws-214 --version
2.14.0
USER@SYSTEM:~$ saml2aws-214 login
Using IDP Account default to access ADFS <snipped ADFS URL>
To use saved password just hit enter.
? Username <snipped user email>
? Password ********
Authenticating as <snipped user email> ...
? Please choose the role [Use arrows to move, type to filter]
❯ Account: <snipped AWS account> / <snipped AWS role>
thoughts
- I only access this system over ssh, and thus never use any GUI aspect of the system. A coworker suggested that since I'm never getting a GUI prompt to unlock the keychain on login, it's possible that the keychain just isn't getting unlocked? I'm unsure if this is the case though, since that sounds to me like the keychain basically isn't functional without a GUI.
- plausibly related to my other issue about 2.15.0: #323
  - I see no such slowness in ubuntu 18.04 over ssh like I did with centos 7, but I could imagine that it's possibly related to different keychain implementations between the distros
system info
os: Ubuntu 18.04.3 LTS, 64-bit
shell: GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)
saml2aws version(s): 2.15.0, 2.16.0 (affected) and 2.14.0 (unaffected)
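One way to test the locked-keychain hypothesis raised above from an SSH session, as an added example that is not part of the original issue or of the saml2aws project. It assumes `busctl` (from systemd) is installed and that the keyring is exposed through the freedesktop Secret Service D-Bus API, as gnome-keyring does; the function names and state labels are this example's own.

```shell
#!/bin/sh
# Added diagnostic (not saml2aws code): report whether the default
# Secret Service collection is locked in the current login session.

# Interpret what `busctl get-property` prints for a boolean property.
interpret_locked() {
    case "$1" in
        "b true")  echo locked ;;       # collection exists but is locked
        "b false") echo unlocked ;;     # items can be created
        "")        echo unreachable ;;  # no service answered on the bus
        *)         echo unknown ;;      # unexpected reply format
    esac
}

# Query the Locked property of the default collection on the session bus.
default_collection_state() {
    # Headless SSH logins often have no D-Bus session bus at all.
    if [ -z "${DBUS_SESSION_BUS_ADDRESS:-}" ] &&
       [ ! -S "${XDG_RUNTIME_DIR:-/nonexistent}/bus" ]; then
        echo no-session-bus
        return 0
    fi
    command -v busctl >/dev/null 2>&1 || { echo no-busctl; return 0; }
    out=$(busctl --user get-property org.freedesktop.secrets \
        /org/freedesktop/secrets/aliases/default \
        org.freedesktop.Secret.Collection Locked 2>/dev/null) || out=""
    interpret_locked "$out"
}

# Run the check only when asked, e.g.: sh keyring-state.sh --check
if [ "${1:-}" = "--check" ]; then
    default_collection_state
fi
```

A result of `locked` or `no-session-bus` in the SSH session would be consistent with the "locked collection" error shown in the output above.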
I'm seeing this issue on gentoo with 2.20.0 using KDE. The KDE wallet is open (unlocked).
Re-doing saml2aws configure got it working -- not clear why that was necessary :man_shrugging:
I'm experiencing the same issue. I'm using WSL 2 and Ubuntu Linux 18.04 bionic. Also, this symptom is occurring at 2.20.0.
$ saml2aws login --force
Using IDP Account default to access KeyCloak https://auth.devsisters.cloud/auth/realms/devsisters/protocol/saml/clients/amazon-aws
ERRO[0000] stored credential malformed err="unexpected end of JSON input" helper=linuxkeyring
To use saved password just hit enter.
? Username ...
? Password ...
Authenticating as [email protected] ...
? Security Token [000000] ...
error storing password in keychain: Cannot create an item in a locked collection
$ saml2aws --version
2.15.0
I solved this problem by removing the $HOME/.aws directory and reconfiguring it. Also, I tried removing the 'login' keyring manually and recreating it with the seahorse tool.
Ref: https://www.fosslinux.com/2561/how-to-disable-keyring-in-ubuntu-elementary-os-and-linux-mint.htm
@wolfeidau
I always feel guilty tagging project owners/contributors directly like this, sorry, but I'm still seeing this issue with saml2aws 2.25.0 in fully patched Ubuntu 18.04, and no amount of wiping .aws and .saml2aws and re-running saml2aws configure seems to help.
I was experiencing this same error in WSL after I tried regenerating my login.keyring file to remove its password lock. I was unable to solve it with the Linux version of saml2aws (tried all variants of deleting .saml2aws and .aws and re-configuring and seahorse'ing), so I just created a bash script to call the Windows version and put it in my PATH at ~/bin/saml2aws. (I also have my .saml2aws and .aws/credentials symlinked out to Windows, so both WSL and Windows end up modifying the same files.) Here is that script:
#!/bin/bash
# Forward all arguments, quoted so values containing spaces survive, to the Windows build
/c/ProgramData/chocolatey/bin/saml2aws.exe "$@"
I had this issue even in 2.26.1, in a WSL 2 environment. I was reading issue #506 and did what was suggested there (purging dbus-x11), and the error and the dbus-related message are now gone. Not sure if this is the right way of doing it though.
This was happening with latest 2.32.0 version, we solved it by deleting .saml2aws from the home directory.
chmod u+x saml2aws-helper.sh
Is there a workaround found for this problem?
Same issue with Ubuntu 22.04. saml2aws --version 2.36.11 and 2.36.4 tried:
saml2aws --verbose configure
Cannot create an item in a locked collection
error storing password in keychain
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.storeCredentials
    github.com/versent/saml2aws/v2/cmd/saml2aws/commands/configure.go:79
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Configure
    github.com/versent/saml2aws/v2/cmd/saml2aws/commands/configure.go:47
main.main
    ./main.go:199
runtime.main
    runtime/proc.go:250
runtime.goexit
    runtime/asm_amd64.s:1598
Any solution for the issue? I am finding the same issue with saml2aws (version = 2.36.12)