2.15.0 and 2.16.0 failing to login with keychain errors on ubuntu 18.04
issue
saml2aws 2.15.0 and 2.16.0 are presenting keychain errors on my ubuntu 18.04 system, whereas 2.14.0 works without issue.
2.15.0 and 2.16.0 error examples
USER@SYSTEM:~$ saml2aws-215 --version
2.15.0
USER@SYSTEM:~$ saml2aws-215 login
Using IDP Account default to access ADFS <snipped ADFS URL>
ERRO[0000] stored credential malformed err="unexpected end of JSON input" helper=linuxkeyring
To use saved password just hit enter.
? Username <snipped user email>
? Password ********
Authenticating as <snipped user email> ...
error storing password in keychain: Cannot create an item in a locked collection
USER@SYSTEM:~$ saml2aws-216 --version
2.16.0
USER@SYSTEM:~$ saml2aws-216 login
Using IDP Account default to access ADFS <snipped ADFS URL>
ERRO[0000] stored credential malformed err="unexpected end of JSON input" helper=linuxkeyring
To use saved password just hit enter.
? Username <snipped user email>
? Password ********
Authenticating as <snipped user email> ...
error storing password in keychain: Cannot create an item in a locked collection
2.14.0 working as expected example
USER@SYSTEM:~$ saml2aws-214 --version
2.14.0
USER@SYSTEM:~$ saml2aws-214 login
Using IDP Account default to access ADFS <snipped ADFS URL>
To use saved password just hit enter.
? Username <snipped user email>
? Password ********
Authenticating as <snipped user email> ...
? Please choose the role [Use arrows to move, type to filter]
❯ Account: <snipped AWS account> / <snipped AWS role>
thoughts
- I only access this system over ssh, and thus never use any GUI aspect of the system. A coworker suggested that since I'm never getting a GUI prompt to unlock the keychain on login, it's possible that the keychain just isn't getting unlocked? I'm unsure if this is the case though, since that sounds to me like the keychain basically isn't functional without a GUI.
- plausibly related to my other issue about 2.15.0: #323
  - I see no such slowness in ubuntu 18.04 over ssh like I did with centos 7, but I could imagine that it's possibly related to different keychain implementations between the distros
system info
os: Ubuntu 18.04.3 LTS, 64-bit
shell: GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)
saml2aws version(s): 2.15.0, 2.16.0 (affected) and 2.14.0 (unaffected)
I'm seeing this issue on gentoo with 2.20.0 using KDE. The KDE wallet is open (unlocked).
Re-doing saml2aws configure got it working -- not clear why that was necessary 🤷‍♂️
I'm experiencing the same issue. I'm using WSL 2 and Ubuntu Linux 18.04 bionic. Also, this symptom is occurring at 2.20.0.
$ saml2aws login --force
Using IDP Account default to access KeyCloak https://auth.devsisters.cloud/auth/realms/devsisters/protocol/saml/clients/amazon-aws
ERRO[0000] stored credential malformed err="unexpected end of JSON input" helper=linuxkeyring
To use saved password just hit enter.
? Username ...
? Password ...
Authenticating as jeonghyun.nam@devsisters.com ...
? Security Token [000000] ...
error storing password in keychain: Cannot create an item in a locked collection
$ saml2aws --version
2.15.0
I solved this problem by removing the $HOME/.aws directory and reconfiguring it. Also, I tried removing the 'login' keyring manually and recreated it again with the seahorse tool.
Ref: https://www.fosslinux.com/2561/how-to-disable-keyring-in-ubuntu-elementary-os-and-linux-mint.htm
I always feel guilty tagging project owners/contributors directly like this, sorry, but I'm still seeing this issue with saml2aws 2.25.0 in fully patched Ubuntu 18.04, and no amount of wiping .aws and .saml2aws and re-running saml2aws configure seems to help.
I was experiencing this same error in WSL after I tried regenerating my login.keyring file to remove its password lock. I was unable to solve it with the Linux version of saml2aws (tried all variants of deleting .saml2aws and .aws and re-configuring and seahorse'ing), so I just created a bash script to call the Windows version and put it in my PATH at ~/bin/saml2aws. (I also have my .saml2aws and .aws/credentials symlinked out to Windows, so both WSL and Windows end up modifying the same files.) Here is that script:
#!/bin/bash
# Forward every argument, with its quoting intact, to the Windows build of saml2aws.
/c/ProgramData/chocolatey/bin/saml2aws.exe "$@"
I had this issue even in 2.26.1. WSL 2 environment
I was reading issue #506 and did what was suggested there (purging dbus-x11) and the error and the dbus-related message are now gone. Not sure if this is the right way of doing it though.
This was happening with latest 2.32.0 version, we solved it by deleting .saml2aws from the home directory.
chmod u+x saml2aws-helper.sh
Is there a workaround found for this problem?
Same issue with Ubuntu 22.04. saml2aws --version 2.36.11 and 2.36.4 tried:
saml2aws --verbose configure
Cannot create an item in a locked collection
error storing password in keychain
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.storeCredentials
github.com/versent/saml2aws/v2/cmd/saml2aws/commands/configure.go:79
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Configure
github.com/versent/saml2aws/v2/cmd/saml2aws/commands/configure.go:47
main.main
./main.go:199
runtime.main
runtime/proc.go:250
runtime.goexit
runtime/asm_amd64.s:1598
Any solution for the issue? I am finding the same issue with saml2aws (version = 2.36.12)
Is this still happening on the latest version?
Not sure if this can help anyone here, but you can use the SAML2AWS_KEYRING_BACKEND global variable to use your preferred keychain backend. This application relies on 99designs/keyring to get secrets, I believe the fault might lie there. The possible values for this global variable are listed here.
I ran into an issue where kwallet was being used over gnome's default keyring (after installing Hotspot). You can use this to bypass the autodetection and use something that works for you.
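
Added example (not part of the thread or of saml2aws): a shell check for the situation discussed above, asking the Secret Service over D-Bus whether the default collection is locked and choosing a SAML2AWS_KEYRING_BACKEND value accordingly. The function and file names are hypothetical, and the backend names secret-service and pass are assumed from 99designs/keyring, so confirm them against the list the last comment refers to.

```shell
#!/bin/sh
# Added example, not saml2aws code. Source it (". ./pick-backend.sh") so the
# export reaches the shell that runs saml2aws. The file name is hypothetical.

# gdbus prints a boolean property as "(<true>,)" or "(<false>,)".
parse_locked_reply() {
  case "$1" in
    *"<true>"*)  echo "true" ;;
    *"<false>"*) echo "false" ;;
    *)           echo "" ;;
  esac
}

# Prints "true"/"false" for the default Secret Service collection, or ""
# when no session bus address is set or the service does not answer.
secret_service_locked() {
  [ -n "${DBUS_SESSION_BUS_ADDRESS:-}" ] || { echo ""; return 0; }
  command -v gdbus >/dev/null 2>&1 || { echo ""; return 0; }
  reply=$(gdbus call --session --dest org.freedesktop.secrets \
    --object-path /org/freedesktop/secrets/aliases/default \
    --method org.freedesktop.DBus.Properties.Get \
    org.freedesktop.Secret.Collection Locked 2>/dev/null) || reply=""
  parse_locked_reply "$reply"
}

# "yes" when a pass(1) store has been initialised (it then contains .gpg-id).
pass_ready() {
  [ -f "${PASSWORD_STORE_DIR:-${HOME:-}/.password-store}/.gpg-id" ] \
    && echo "yes" || echo "no"
}

# $1 = lock state, $2 = pass_ready output. Backend names are assumed from
# 99designs/keyring; an empty result means nothing usable was found.
choose_backend() {
  if [ "$1" = "false" ]; then echo "secret-service"
  elif [ "$2" = "yes" ]; then echo "pass"
  else echo ""
  fi
}

backend=$(choose_backend "$(secret_service_locked)" "$(pass_ready)")
if [ -n "$backend" ]; then
  export SAML2AWS_KEYRING_BACKEND="$backend"
  echo "SAML2AWS_KEYRING_BACKEND=$backend"
else
  echo "no unlocked backend: unlock the login keyring or set up pass" >&2
fi
```

A lock state of true is the condition under which the Secret Service refuses to create items, which is what the error text in these reports says.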