
AzureAD: unable to locate IDP oidc form submit URL

Open teddevaal opened this issue 3 years ago • 3 comments

Configured according to documentation: Azure AD

Version: 2.28.4

Config

[default]
app_id               = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
url                  = https://account.activedirectory.windowsazure.com
username             = [email protected]
provider             = AzureAD
mfa                  = Auto
skip_verify          = false
timeout              = 0
aws_urn              = urn:amazon:webservices
aws_session_duration = 3600
aws_profile          = saml
resource_id          = 
subdomain            = 
role_arn             = 
region               = 
http_attempts_count  = 
http_retry_delay     = 
Name                 = default
credentials_file     = 
saml_cache           = false

Output

saml2aws login --verbose

time="2021-03-31T17:23:40+11:00" level=debug msg=Running command=login
time="2021-03-31T17:23:40+11:00" level=debug msg="check if Creds Exist" command=login
time="2021-03-31T17:23:40+11:00" level=debug msg=Expand name=/home/teddevaal/.aws/credentials pkg=awsconfig
time="2021-03-31T17:23:40+11:00" level=debug msg=resolveSymlink name=/home/teddevaal/.aws/credentials pkg=awsconfig
time="2021-03-31T17:23:40+11:00" level=debug msg=ensureConfigExists filename=/home/teddevaal/.aws/credentials pkg=awsconfig
Using IDP Account default to access AzureAD https://account.activedirectory.windowsazure.com
To use saved password just hit enter.
Username ([email protected]) 
Password **********
time="2021-03-31T17:23:47+11:00" level=debug msg="building provider" command=login idpAccount="account {\n  AppID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n  URL: https://account.activedirectory.windowsazure.com\n  Username: [email protected]\n  Provider: AzureAD\n  MFA: Auto\n  SkipVerify: false\n  AmazonWebservicesURN: urn:amazon:webservices\n  SessionDuration: 3600\n  Profile: saml\n  RoleARN: \n  Region: \n}"
Authenticating as [email protected] ...
time="2021-03-31T17:23:48+11:00" level=debug msg="HTTP Req" URL="https://login.microsoftonline.com/common/login" http=client method=POST
time="2021-03-31T17:23:49+11:00" level=debug msg="HTTP Res" Status="200 OK" http=client
unable to locate IDP oidc form submit URL
error authenticating to IdP
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
	github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:103
main.main
	command-line-arguments/main.go:180
runtime.main
	runtime/proc.go:225
runtime.goexit
	runtime/asm_amd64.s:1371

Observation

When using saml2aws, a POST is made to https://login.microsoftonline.com/common/login. However, when using Microsoft My Apps, https://account.activedirectory.windowsazure.com/applications/redirecttoapplication.aspx?Operation=LinkedSignIn&applicationId={app_id}&tenantId={tenant_id} is redirected to https://login.microsoftonline.com/{tenant_id}/saml2?SAMLRequest={saml_request}.

teddevaal avatar Mar 31 '21 06:03 teddevaal
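The Observation above contrasts the `/common/login` POST saml2aws makes with the tenant-scoped `https://login.microsoftonline.com/{tenant_id}/saml2?SAMLRequest={saml_request}` redirect that My Apps produces. The `SAMLRequest` parameter on such a URL uses the SAML 2.0 HTTP-Redirect binding: the AuthnRequest XML is raw-DEFLATE compressed, base64 encoded, then URL encoded. The Go snippet below is an added example, not code from saml2aws or from the issue author; it builds a redirect URL of that shape from a constructed AuthnRequest, then parses one back, checking the host and the `/{tenant}/saml2` path before touching the payload and capping the inflated size so a malformed or hostile redirect cannot exhaust memory. The function names, the sample AuthnRequest and the all-zero tenant ID are placeholders chosen here.

```go
package main

import (
	"bytes"
	"compress/flate"
	"encoding/base64"
	"fmt"
	"io"
	"net/url"
	"strings"
)

// ParsedSAMLRedirect is what a client learns from a tenant-scoped saml2 redirect URL.
type ParsedSAMLRedirect struct {
	TenantID     string // path segment in front of /saml2
	AuthnRequest string // inflated AuthnRequest XML
}

// SampleAuthnRequest is a constructed, minimal AuthnRequest used only to drive
// the example; the ID and timestamp are placeholders, not values from the issue.
const SampleAuthnRequest = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_placeholder-id" Version="2.0" IssueInstant="2021-03-31T06:23:48Z" AssertionConsumerServiceURL="https://signin.aws.amazon.com/saml"/>`

// EncodeSAMLRequest applies the HTTP-Redirect binding encoding: raw DEFLATE,
// then standard base64. Percent-encoding is left to url.Values below.
func EncodeSAMLRequest(xml string) (string, error) {
	var buf bytes.Buffer
	w, err := flate.NewWriter(&buf, flate.DefaultCompression)
	if err != nil {
		return "", err
	}
	if _, err := w.Write([]byte(xml)); err != nil {
		return "", err
	}
	if err := w.Close(); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf.Bytes()), nil
}

// BuildRedirectURL produces a URL of the shape seen in the issue's Observation.
func BuildRedirectURL(tenantID, authnRequestXML string) (string, error) {
	enc, err := EncodeSAMLRequest(authnRequestXML)
	if err != nil {
		return "", err
	}
	q := url.Values{}
	q.Set("SAMLRequest", enc)
	return fmt.Sprintf("https://login.microsoftonline.com/%s/saml2?%s", url.PathEscape(tenantID), q.Encode()), nil
}

// ParseSAMLRedirect validates that a redirect target is a tenant-scoped saml2
// endpoint on the expected host and decodes the SAMLRequest it carries.
// A client that posts credentials should refuse anything that fails here.
func ParseSAMLRedirect(raw string) (*ParsedSAMLRedirect, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" || u.Host != "login.microsoftonline.com" {
		return nil, fmt.Errorf("unexpected redirect target %q", u.Host)
	}
	parts := strings.Split(strings.Trim(u.Path, "/"), "/")
	if len(parts) != 2 || parts[1] != "saml2" {
		return nil, fmt.Errorf("not a tenant-scoped saml2 endpoint: %s", u.Path)
	}
	enc := u.Query().Get("SAMLRequest")
	if enc == "" {
		return nil, fmt.Errorf("redirect carries no SAMLRequest parameter")
	}
	compressed, err := base64.StdEncoding.DecodeString(enc)
	if err != nil {
		return nil, fmt.Errorf("SAMLRequest is not valid base64: %w", err)
	}
	// Cap the inflated size (1 MiB) so a decompression bomb in the redirect cannot exhaust memory.
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()
	xmlBytes, err := io.ReadAll(io.LimitReader(r, 1<<20))
	if err != nil {
		return nil, fmt.Errorf("SAMLRequest does not inflate: %w", err)
	}
	xml := string(xmlBytes)
	if !strings.Contains(xml, "AuthnRequest") {
		return nil, fmt.Errorf("decoded payload is not an AuthnRequest")
	}
	return &ParsedSAMLRedirect{TenantID: parts[0], AuthnRequest: xml}, nil
}

func main() {
	loc, err := BuildRedirectURL("00000000-0000-0000-0000-000000000000", SampleAuthnRequest)
	if err != nil {
		panic(err)
	}
	parsed, err := ParseSAMLRedirect(loc)
	if err != nil {
		panic(err)
	}
	fmt.Println("tenant:", parsed.TenantID)
	fmt.Println("request:", parsed.AuthnRequest)
}
```

The host and path checks run before any decoding, which is the order a client should use: the decision to send a password to an endpoint should not depend on parsing attacker-influenced data first. A `/common/login` URL like the one in the verbose log above is rejected by the path check rather than silently accepted.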

Azure AD does not work in 2.30.0

biship avatar May 06 '21 13:05 biship

Duplicate of https://github.com/Versent/saml2aws/issues/628

kenchan0130 avatar Jun 21 '21 05:06 kenchan0130

I came across this error today with version 2.35.0. I use Azure AD as identity store. It turns out that this is because my password is up for an update and Azure AD is trying to prompt me for a password change. The error message is very confusing. As soon as I changed my password, it was working again.

digihunch avatar Jun 16 '22 00:06 digihunch