This will allow you to automate the credentials refresh procedure, eg.

To skip unnecessary calls, the credentials are only refreshed if the time to expire is lower than 11 minutes.

Your Azure AD system admin should be able to provide you with your Tenant ID and App ID URI. If you can't get it from them, you can scrape it from a login page from the page.

- Click the chicklet for the login you want.
- In the window that pops open, quickly copy the URL. (You can also open the developer console with navigation preservation to capture the URL.)
- The GUID right after / is the tenant ID.
- Paste it into a URL decoder (like this one) and decode.
- Paste the decoded output into a SAML deflated and encoded XML decoder (like this one).
- In the decoded XML output, the value of the Audience tag is the App ID URI.
- You may double-check the tenant ID using the Attribute tag named tenantid provided in the XML.

The Azure login page uses JavaScript, which requires a real web browser. To automate this from a command line, aws-azure-login uses Puppeteer, which automates a real Chromium browser. It loads the Azure login page behind the scenes, populates your username and password (and MFA token), parses the SAML assertion, uses the AWS STS AssumeRoleWithSAML API to get temporary credentials, and saves these in the CLI credentials file.

The nature of browser automation with Puppeteer means the solution is a bit brittle. A minor change on the Microsoft side could break the tool. If something isn't working, you can fall back to GUI mode (above). To debug an issue, you can run in debug mode (--mode debug) to see the GUI while aws-azure-login tries to populate it. You can also have the tool print out more detail on what it is doing in order to diagnose.