saml2aws
error authenticating to IdP: unable to locate IDP oidc form submit URL
Hi Guys, thank you for your work. I reviewed the issue log and my problem is similar to #645. It's weird because, when we started to use saml2aws in our company, we all configured it the same:
saml2aws configure \
  --idp-provider='AzureAD' \
  --mfa='Auto' \
  --profile='qa' \
  --username='****' \
  --url='https://account.activedirectory.windowsazure.com' \
  --app-id='0f9c3f01-e8a1-4375-b819-14d182ea78cb' \
  --skip-prompt \
  --role='arn:aws:iam::*****' \
  --idp-account='saml' \
  --region='eu-west-1'
but it works for some of us and not for others.
My current version: 2.35 (latest)
I run => DUMP_CONTENT=true saml2aws login --verbose
My output:
time="2022-07-28T10:12:15+02:00" level=debug msg=Running command=login
URL empty in idp account
github.com/versent/saml2aws/v2/pkg/cfg.(*IDPAccount).Validate
	C:/gopath/src/github.com/versent/saml2aws/pkg/cfg/cfg.go:113
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.buildIdpAccount
	C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:167
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
	C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:31
main.main
	C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:187
runtime.main
	C:/go/src/runtime/proc.go:203
runtime.goexit
	C:/go/src/runtime/asm_amd64.s:1357
failed to validate account
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.buildIdpAccount
	C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:169
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
	C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:31
main.main
	C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:187
runtime.main
	C:/go/src/runtime/proc.go:203
runtime.goexit
	C:/go/src/runtime/asm_amd64.s:1357
error building login details
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
	C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:33
main.main
	C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:187
runtime.main
	C:/go/src/runtime/proc.go:203
runtime.goexit
	C:/go/src/runtime/asm_amd64.s:1357
we are using url: https://account.activedirectory.windowsazure.com/applications/redirecttofederatedapplication.aspx?Operation=LinkedSignIn&applicationId=0f9c3f01-e8a1-4375-b819-14d182ea78cb&tenantId=8b86a65e-3c3a-4406-8ac3-19a6b5cc52bc
which redirects to:
https://login.microsoftonline.com/8b86a65e-3c3a-4406-8ac3-19a6b5cc52bc/oauth2/authorize?client_id=0000000c-0000-0000-c000-000000000000&redirect_uri=https%3A%2F%2Faccount.activedirectory.windowsazure.com%2F&response_mode=form_post&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DAQAAAAMAAAAIVGVuYW50SWSrAXQzenI4MGFsZkJHNjgxUDI2Zl9NS2Z6SDhmaHJpWV9obFExUWxQZGp5MUl6ZW5HNFZZTjAxekNTOGwyejlGY1RTRkcyOEpZOS1nd1U4aVhwSFFWWkUyV00tVzZjMFFMQkpmdEw5bVZoQVlnaGpkcFJMZFJManJwYXlFRi03R19DUFUtMmh6T2VKNFFsc2FnUk1JdmZtRlVSazdyS2hQM0NuR21UNmRBOXBqQQkucmVkaXJlY3TZAWh0dHBzOi8vYWNjb3VudC5hY3RpdmVkaXJlY3Rvcnkud2luZG93c2F6dXJlLmNvbS9hcHBsaWNhdGlvbnMvcmVkaXJlY3R0b2ZlZGVyYXRlZGFwcGxpY2F0aW9uLmFzcHg_T3BlcmF0aW9uPUxpbmtlZFNpZ25JbiZhcHBsaWNhdGlvbklkPTBmOWMzZjAxLWU4YTEtNDM3NS1iODE5LTE0ZDE4MmVhNzhjYiZ0ZW5hbnRJZD04Yjg2YTY1ZS0zYzNhLTQ0MDYtOGFjMy0xOWE2YjVjYzUyYmMeT3BlbklkQ29ubmVjdC5Db2RlLlJlZGlyZWN0VXJpwAF1cEt6NVpuM0NQMWNBLVVBRkI5X1Nid2ZSVVhheVZkbzI2ejlJckNHRDh1ck40VjJRMFpSeS1ITm94OE9oSXlIbGRzZWFnM0V6UTdKX3poUFRhaGdWMUhyZGRLTmhUUldpdE5fZHFoVDU4aERVNWNNaThKY01XTFl2WUpLQ0lhTzFFZjl0TF9Mc2ZvcHJ2aW9pMGdCc0oxWGZHTFJkZlZxbXpIZlFlTEZoaVctVEdOX292WjlGUFdYVFZKcC1HMkU&nonce=1658996524.1zNtQ2qR_7EQB6gx6rh3aw&nux=1
If I can provide more details I'm happy to do it.
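The trace above fails before any request reaches the IdP: `(*IDPAccount).Validate` rejects the account that `login` loaded because its URL is empty, even though the configure command was given a URL for the `saml` account. The following Go program is an added example, not saml2aws's own code, that reproduces this check over a constructed config file so the failing account can be seen. It assumes a saml2aws-style INI layout with one section per idp account, the key names `url`, `app_id`, `provider` and `region`, and a fallback to the `default` section when no account name is passed; all of those are assumptions for this example and the `sampleConfig` text is constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// IDPAccount holds the fields the configure command above sets. The struct and
// the INI key names (url, app_id, provider, region) are assumed for this example.
type IDPAccount struct {
	Name     string
	URL      string
	AppID    string
	Provider string
	Region   string
}

// parseAccounts reads an INI-style text into named accounts (one per [section]).
func parseAccounts(text string) map[string]*IDPAccount {
	accounts := map[string]*IDPAccount{}
	var cur *IDPAccount
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";"):
			continue
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			name := strings.TrimSuffix(strings.TrimPrefix(line, "["), "]")
			cur = &IDPAccount{Name: name}
			accounts[name] = cur
		default:
			if cur == nil {
				continue // key before any section header; ignored
			}
			k, v, ok := strings.Cut(line, "=")
			if !ok {
				continue
			}
			k, v = strings.TrimSpace(k), strings.TrimSpace(v)
			switch k {
			case "url":
				cur.URL = v
			case "app_id":
				cur.AppID = v
			case "provider":
				cur.Provider = v
			case "region":
				cur.Region = v
			}
		}
	}
	return accounts
}

// Validate runs the checks a login must pass before any IdP request is made.
// The empty-URL message matches the one in the trace above.
func (a *IDPAccount) Validate() error {
	if a.URL == "" {
		return errors.New("URL empty in idp account")
	}
	u, err := url.Parse(a.URL)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("URL %q is not an absolute https URL", a.URL)
	}
	if a.Provider == "AzureAD" && a.AppID == "" {
		return errors.New("app_id required for AzureAD accounts")
	}
	return nil
}

// checkLogin mirrors the decision a login makes: resolve the account name
// (assumed fallback: "default"), load it, and validate it.
func checkLogin(cfgText, account string) error {
	if account == "" {
		account = "default"
	}
	acc, ok := parseAccounts(cfgText)[account]
	if !ok {
		return fmt.Errorf("idp account %q not found in config", account)
	}
	if err := acc.Validate(); err != nil {
		return fmt.Errorf("failed to validate account %q: %w", account, err)
	}
	return nil
}

// sampleConfig is constructed for this example: [saml] carries the values from
// the configure command above, while [default] was written without a url.
const sampleConfig = `
[default]
provider = AzureAD

[saml]
provider = AzureAD
url = https://account.activedirectory.windowsazure.com
app_id = 0f9c3f01-e8a1-4375-b819-14d182ea78cb
region = eu-west-1
`

func main() {
	for _, name := range []string{"", "saml", "qa"} {
		if err := checkLogin(sampleConfig, name); err != nil {
			fmt.Printf("login (account %q): %v\n", name, err)
			continue
		}
		fmt.Printf("login (account %q): config ok\n", name)
	}
}
```

Running it shows the same "URL empty in idp account" failure for the unnamed login and a clean pass for the `saml` account, which is the distinction worth checking on the machines where the command fails versus those where it works.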
I had the EXACT same issue. I had to change my password due to the policy applied to AD, that requires me to change my password frequently, but even if you change your password, it takes some time until the new password is federated across all services. I had to wait for almost half an hour.
See also https://github.com/Versent/saml2aws/issues/930
@jczerepak can you check the fix from #795 ?