-
Notifications
You must be signed in to change notification settings - Fork 567
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Errors using GoogleApps - error loading first page #1259
Comments
Looks like aws-google-auth is having issues as well due to Google's redesigned login UI. There's a proposed fix that we can use as a reference. |
We're experiencing the same issue, impacting quite a lot of users, would be good to see if there is any plans to resolve this in the very near future. |
Same issue. For now, I'm grabbing the SAML assertion in my browser's web inspector (look for the |
The workaround right now is to log in via the browser method until someone patches it:
|
Any update on this issue? |
The ^ command didn't work for me. In case anyone else has a similar issue, you can try appending the account name to command . The full command that worked for me ended up being |
I have a pull request open to fix this issue as it's impacting most of the users in my org. I have been able to test for myself the new login flow with a 2FA phone app. If any of you have a different 2FA you want to test this code against, it would be appreciated. You can build my branch and test with the local copy: |
@aaronthebaron I'm in the same boat. I will give a shot to your branch. |
Same here.. Thanks for sharing! Will give it a try as well. |
If you find it's not working, run the command with |
I suppose this can be closed with the merging of #1285 |
@mapkon Could a release be cut for this? Eager to stop logging in via my browser everytime :-) |
Got this error when I tried to login this morning, I tried to login on both @aaronthebaron's branch and on this repo's master branch
Can't dump the output of saml2aws with EDIT
|
@codingtony-candid This is the one case found so far I haven't been able to test locally, making it a bit difficult to pin down. I started to work a bit on it here, see that conversation to understand where that's at. @edwardrf had some initial changes to test that I believe are closer to the mark than where I was going. I haven't had time to look further this week. |
For prosperity, I rebooted my phone and I was able to use the "Tap Yes" method. @aaronthebaron I have the html dumped locally. If it can help for debugging lmk. Perhaps if you shutdown your phone, you may end up in the same situation and will be easier to reproduce the issue? |
I encountered the same issue two days ago on both @aaronthebaron’s branch and the master branch of this repo. After reverting to using the Browser for authentication and then switching back to GoogleApps, the issue was resolved. Interestingly, this problem occurred consistently on my Mac and when working with the laptop's screen but not when connected to an external screen, though this might just be a coincidence, as I haven’t extensively tested it in different environments. Additionally, I did not observe this issue in the Linux distribution I built for other employees at my company. I hope some of this information is helpful. |
What is the way forward here? Should we revert the changes that were pushed to trunk? |
I don't think it should be reverted from trunk. The code that was merged is very useful for the users of saml2aws with Google IdP. The issue that was later mentioned in the thread is less of a problem and it's tracked as a separate issue (#1286). |
Hi everyone, just letting you know that the changes made to fix this issue has just been released (v2.36.17). |
Tested this out and it's failing for me on the 2-step verification selection. I used to be able to use my security key in the past (YubiKey), but that selection is grayed out on the UI. Is this a known issue? Looks like the PR from an earlier comment might be trying to address this, but it hasn't had any activity recently.
|
@mjhoffman65 ditto |
I can confirm this is now working, when using a OTP as MFA. The OTP is requested in the CLI and workflow works E2E. I'm wondering if there's a way to store the session details securely, similar to credentials in the OS credentials manager (eg. Keychain in macOS) so the MFA is not required on every login (similar to what happens in the browser). |
I used the new version, v2.36.17, and this time I am getting the following error. In fact, 2-step verification is activated and authentication is performed through the browser to connect.
|
I got this same error with the new version. Once I removed my passkey from my account, it was able to work. |
Thank you for answer. However, the situation is the same even after deleting the passkey, in my case. |
I was getting the same error with provider
and it's working fine now |
When using the GoogleApps provider with saml2aws, I'm getting a error:
Looking at the code I see that saml2aws is looking for a form with
id=gaia_loginform
, but the html I get when running saml2aws login doesn't have that element. It looks like google might have made an update to their login form so the form can no longer be accessed with that id.Is there a workaround so saml2aws login can work with the updated Google form?
The text was updated successfully, but these errors were encountered: