Cannot parse form field
usa-usa-usa-usa opened this issue · 11 comments
I am attempting to run the following line:
awsprocesscreds-saml --endpoint https://my.company.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices --username 'myAccount@mycorp.net' --provider adfs --role-arn arn:aws:iam::595513102389:role/IaaSOperations --verbose
I am getting the following error:
Traceback (most recent call last):
  File "c:\python27\lib\runpy.py", line 174, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "c:\python27\lib\runpy.py", line 72, in _run_code
    exec code in run_globals
  File "C:\Python27\Scripts\awsprocesscreds-saml.exe\__main__.py", line 9, in <module>
  File "c:\python27\lib\site-packages\awsprocesscreds\cli.py", line 81, in saml
    creds = fetcher.fetch_credentials()
  File "c:\python27\lib\site-packages\awsprocesscreds\saml.py", line 348, in fetch_credentials
    creds = super(SAMLCredentialFetcher, self).fetch_credentials()
  File "C:\Users\me\AppData\Roaming\Python\Python27\site-packages\botocore\credentials.py", line 507, in fetch_credentials
    return self._get_cached_credentials()
  File "C:\Users\me\AppData\Roaming\Python\Python27\site-packages\botocore\credentials.py", line 517, in _get_cached_credentials
    response = self._get_credentials()
  File "c:\python27\lib\site-packages\awsprocesscreds\saml.py", line 357, in _get_credentials
    kwargs = self._get_assume_role_kwargs()
  File "c:\python27\lib\site-packages\awsprocesscreds\saml.py", line 393, in _get_assume_role_kwargs
    assertion = self._authenticator.retrieve_saml_assertion(config)
  File "c:\python27\lib\site-packages\awsprocesscreds\saml.py", line 138, in retrieve_saml_assertion
    self._fill_in_form_values(config, form_data)
  File "c:\python27\lib\site-packages\awsprocesscreds\saml.py", line 178, in _fill_in_form_values
    self._ERROR_MISSING_FORM_FIELD % self.USERNAME_FIELD)
awsprocesscreds.saml.SAMLError: Error parsing HTML form, could not find the form field: "ctl00$ContentPlaceHolder1$UsernameTextBox"
I'm running into the same issue - I wonder if this is because we're using ADFS3? I'm using the same details I use for the (modified) version of https://aws.amazon.com/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/
@AMMullan could you please answer the question I asked @jcwhisman ? If form-based login isn't your default configuration, this will not work as only forms-based login is supported.
Hey @JordonPhillips - yeah, we use form-based logins. I'm just working through comparing what awsprocesscreds does to process the form and how it differs to the way I do it, might just be a small difference.
I am struggling with ADFS too. Part 1 is working if I use
USERNAME_FIELD = 'UserName'
PASSWORD_FIELD = 'Password'
Then I get access keys. For other problems, I will open a different issue.
I ran into the same issue and the fix by @hoegertn solves at least the part about logging in.
I struggled a bit to figure out where to apply it so I am including a diff:
diff saml.py saml.py.org
256,257c256,257
< USERNAME_FIELD = 'UserName'
< PASSWORD_FIELD = 'Password'
---
> USERNAME_FIELD = 'ctl00$ContentPlaceHolder1$UsernameTextBox'
> PASSWORD_FIELD = 'ctl00$ContentPlaceHolder1$PasswordTextBox'
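Review bot: lines 256-257 swap one hardcoded pair of field names for another, so the "could not find the form field" failure moves to any ADFS login page that still serves the ctl00$ContentPlaceHolder1$... names. Rather than replacing the constants, try each known pair against the parsed form (or read the names from configuration) and raise the existing missing-field error only when none matches. Also, the command is `diff saml.py saml.py.org`, with the modified file first, so the `<` lines are the new values; `diff saml.py.org saml.py` would produce output that applies forward to an unmodified saml.py.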
Perhaps it is an idea if these field names can be passed as arguments to the awsprocesscreds tool?
While I am able to login now, I am running into a problem where I am not able to switch roles but I'll open a separate issue for that.
Same problem here, and changing fields to 'UserName' and 'Password' helps. Would it be silly to support all conventions seen in the codebase and have it choose the appropriate one based on what is found in the form?
username
password
UserName
Password
ctl00$ContentPlaceHolder1$UsernameTextBox
ctl00$ContentPlaceHolder1$PasswordTextBox
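The field auto-detection suggested in the comment above, sketched as an added example (not code from awsprocesscreds or from any commenter). It assumes Python 3; `detect_login_fields`, `FormInputCollector` and the two sample forms are hypothetical names and constructed data.

```python
from html.parser import HTMLParser

# (username, password) field-name pairs listed in the comment above.
KNOWN_FIELD_PAIRS = [
    ("username", "password"),
    ("UserName", "Password"),
    ("ctl00$ContentPlaceHolder1$UsernameTextBox",
     "ctl00$ContentPlaceHolder1$PasswordTextBox"),
]

class FormInputCollector(HTMLParser):
    """Records name -> type for every <input> inside the first <form>."""
    def __init__(self):
        super().__init__()
        self.inputs, self._in_form, self._done = {}, False, False

    def handle_starttag(self, tag, attrs):
        if tag == "form" and not self._done:
            self._in_form = True
        elif tag == "input" and self._in_form:
            attrs = dict(attrs)
            if attrs.get("name"):
                self.inputs[attrs["name"]] = (attrs.get("type") or "text").lower()

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self._in_form, self._done = False, True

def detect_login_fields(html):
    """Return the first known (username, password) pair present in the form.
    The password field must be type="password", so the secret is only ever
    placed in a field the form itself marks as a password input."""
    collector = FormInputCollector()
    collector.feed(html)
    for user, pwd in KNOWN_FIELD_PAIRS:
        if user in collector.inputs and collector.inputs.get(pwd) == "password":
            return user, pwd
    raise ValueError("no known login fields; form inputs: %s"
                     % sorted(collector.inputs))

# Constructed sample forms (hypothetical, not captured from a real server).
NEW_STYLE_FORM = """<form method="post"><input name="UserName" type="email"/>
<input name="Password" type="password"/><input name="state" type="hidden"/></form>"""
OLD_STYLE_FORM = """<form method="post">
<input name="ctl00$ContentPlaceHolder1$UsernameTextBox" type="text">
<input name="ctl00$ContentPlaceHolder1$PasswordTextBox" type="password"></form>"""

if __name__ == "__main__":
    print(detect_login_fields(NEW_STYLE_FORM), detect_login_fields(OLD_STYLE_FORM))
```

A page with no login form at all (for example, when the endpoint negotiates a non-form login) raises `ValueError` with the list of inputs that were found, instead of guessing a field to put credentials in.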
Is there an update for that issue? This issue is still present in 2019 if the authentication is done using NTLM instead of username/password.
I'm still seeing this issue. I pulled from pip, and __init__.py reports version 0.0.2.
When I change the saml.py USERNAME_FIELD and PASSWORD_FIELD to the above listed values, it is able to get me past the login form.
Is there an alternate authentication approach I should be looking at?
I'm also facing the same issue, but after applying the fix mentioned in the above comments, I am not getting a prompt for the password and am instead getting the error below:
awsprocesscreds.saml.SAMLError: Login failed, could not retrieve SAML assertion. Double check you have entered your password correctly.