saml2aws

Receiving "page is missing saml assertion"

Open colekas-ssim opened this issue 5 years ago • 8 comments

I'm running into this problem when running saml2aws

DEBU[0007] HTTP Req                                      URL="https://accounts.google.com/https://accounts.google.com/signin/challenge/totp/3" http=client method=POST
DEBU[0007] HTTP Res                                      Status="400 Bad Request" http=client
page is missing saml assertion
github.com/versent/saml2aws/pkg/provider/googleapps.(*Client).Authenticate
        /go/saml2aws/pkg/provider/googleapps/googleapps.go:154
github.com/versent/saml2aws/cmd/saml2aws/commands.Login
        /go/saml2aws/cmd/saml2aws/commands/login.go:70
main.main
        /go/saml2aws/cmd/saml2aws/main.go:148
runtime.main
        /usr/local/go/src/runtime/proc.go:203
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1357
error authenticating to IdP
github.com/versent/saml2aws/cmd/saml2aws/commands.Login
        /go/saml2aws/cmd/saml2aws/commands/login.go:72
main.main
        /go/saml2aws/cmd/saml2aws/main.go:148
runtime.main
        /usr/local/go/src/runtime/proc.go:203
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1357

I've tried removing the associated google account from the device. I've tried saml2aws v2.23.0 and v2.27.1 and both give the same error.

colekas-ssim Oct 07 '20 16:10

I created a (probably hacky) fix for it https://github.com/v3rm0n/saml2aws/commit/75a38ee1065ac9f07e04b2310df0715dfd28d762

v3rm0n Oct 19 '20 08:10

@v3rm0n we're suffering from the same issue - I can confirm that your fix works for us.

As a side note, by opening the challenge in a browser, it sidesteps an issue for me where YubiKeys on Linux were unusable due to issues in the underlying u2f library.

Could it please be merged and released (v2.27.2)?

cc @wolfeidau

ari-becker Oct 26 '20 12:10

please merge :)

blorby Feb 10 '21 10:02

Can you merge it?

Shahard2 Feb 22 '21 09:02

One of the developers in my org had this issue, and we've spent hours figuring out what it is. To investigate weird errors in saml2aws - use saml2aws login --verbose, and copy the output <html>...</html> to a debug.html file.

The error msg "page is missing saml assertion" was quite misleading; after looking in the developer's debug.html file, the issue was -

Wrong password. Try again or click Forgot password to reset it.

I hope this helps

unfor19 Jul 01 '21 09:07

The above comment helped me, but I had to use DUMP_CONTENT=true saml2aws login --verbose to get the HTML.

bonnici Jan 06 '22 05:01

In my case, I'm getting a 400 when using GoogleApps.

Using Browser works, but I've been unable to determine why the GoogleApps option doesn't work.

xdumaine Jan 27 '23 16:01

Hi.

I've encountered the same problem and I've found that it is caused by the wrong challengeId field value when POSTing parameters to the login URL page (https://accounts.google.com/signin/challenge/pwd/2).

I've confirmed that changing the challengeId field from 1 to 2 works for me, but I have no confidence that it is the correct way to fix the problem. Perhaps the scraped form values should be passed to the POST parameters, I think.

https://github.com/Versent/saml2aws/blob/6957a7412352d3ce930a99417d0640f38525811f/pkg/provider/googleapps/googleapps.go#L266

ciniml Jan 30 '23 13:01
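
The two ideas from the comments above (read the dumped page instead of trusting "page is missing saml assertion", and send the form values the page itself carries rather than a fixed challengeId), as an added Go example that is not saml2aws code. The sample page is constructed, the names scrapeInputs, nextStep and the gxf field are hypothetical, and the standard library's lenient XML tokenizer stands in for a full HTML parser.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/url"
	"strings"
)

// Constructed stand-in for a dumped challenge page; "gxf" and its value are made up.
const samplePage = `<html><body><form action="/signin/challenge/pwd/2" method="post">
<input type="hidden" name="challengeId" value="2">
<input type="hidden" name="gxf" value="constructed-token">
<input type="password" name="Passwd">
</form></body></html>`

// scrapeInputs collects every named <input> so a POST can echo the server's values.
func scrapeInputs(page string) url.Values {
	d := xml.NewDecoder(strings.NewReader(page))
	d.Strict, d.AutoClose = false, xml.HTMLAutoClose // lenient; <input> has no end tag
	form := url.Values{}
	for {
		tok, err := d.Token()
		if err != nil { // io.EOF, or a syntax error on messy HTML: keep what parsed
			return form
		}
		if el, ok := tok.(xml.StartElement); ok && strings.EqualFold(el.Name.Local, "input") {
			attr := map[string]string{}
			for _, a := range el.Attr {
				attr[strings.ToLower(a.Name.Local)] = a.Value
			}
			if attr["name"] != "" {
				form.Set(attr["name"], attr["value"])
			}
		}
	}
}

// nextStep names what the page allows: finish, answer its challenge, or stop.
func nextStep(form url.Values) string {
	if form.Get("SAMLResponse") != "" {
		return "assertion present"
	} else if id := form.Get("challengeId"); id != "" {
		return "challenge " + id + " pending"
	}
	return "no assertion or challenge: read the page text for the IdP's message"
}

func main() { fmt.Println(nextStep(scrapeInputs(samplePage))) }
```

Real IdP pages with inline scripts can stop the XML tokenizer early, in which case only the inputs seen before that point are returned.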