crowbar icon indicating copy to clipboard operation
crowbar copied to clipboard
verified publisher icon moritzheiber

crowbar no longer works with Okta, a SAML IdP

Open JosephNuthalapati2244 opened this issue 4 years ago • 2 comments

I am trying to use an already configured profile with crowbar, which I remember was working earlier. It fails before prompting for login credentials.

$ crowbar exec myprofile -- aws s3 ls
Unable to login
Caused by:
 1: HTTP status client error (401 Unauthorized) for url (https://<subdomain>.okta.com/api/v1/authn)

Using crowbar v0.3.7

JosephNuthalapati2244 avatar Aug 27 '21 12:08 JosephNuthalapati2244

Yes, this is an unfortunate side-effect of crowbar having no facility to invalidate the credentials associated with your Okta account. You've probably changed your password recently and thus the password crowbar stored for your profile before is now invalid. You can work around this issue by deleting all references to crowbar from your local password store (macOS Keychain, Linux GNOME Keyring, Windows Cert Manager). crowbar will then ask you for your password again on the next run.

moritzheiber avatar Aug 27 '21 13:08 moritzheiber

Purging the credentials from Keyring fixes the issue. Thanks.

JosephNuthalapati2244 avatar Aug 27 '21 13:08 JosephNuthalapati2244