Comments (4)
samrees
commented on September 20, 2024
[~]> asdf shell clisso 0.7.0
[~]> clisso get production
Authentication pending on OL Protect
Credentials written successfully to '/Users/sam.rees/.aws/credentials'
[~]> asdf shell clisso 0.8.3
[~]> clisso get production
Could not get temporary credentials: generating SAML assertion: doing HTTP request: 500 Internal Server Error
from clisso.
commented on September 20, 2024
We switched the OneLogin API endpoint between the versions 0.7 and 0.8.
Unfortunately, we currently don't have a debug flag/statement. I missed it myself every now and then but never came around implementing it. What I commonly do is to run it from source and add a temporary debug statement in the area of the broken code. For your specific problem this would be here: https://github.com/allcloud-io/clisso/blob/master/onelogin/client.go#L177
I'll try to look into a debug logging option soon.
from clisso.
commented on September 20, 2024
BTW: I can't reproduce it on my end. For me Onelogin with a US shard works fine on 0.8.3
from clisso.
samrees
commented on September 20, 2024
Worked with OneLogin. Apparently the problem is that we had an IP restriction listed for our Clisso client in the "Legacy API Control Panel" of OneLogin. And since Clisso does not pass the IP address to the SAML Assertion API, this uncovered a bug in OneLogin, and thus the 500 error.
Removing the IP restriction resolved the error for us. OneLogin also promised to fix the bug. I'm going to leave the debugging info I got for this and close this issue, in the hope its googleable if someone else hits it.
Test case:
curl -H 'Content-Type: application/json' -H 'Authorization: bearer:<redacted>' -d '{"username_or_email":"<redacted>@<redacted>.com","password":"<redacted>","app_id":"<redacted>","subdomain":"<redacted>"}"' -X POST https://api.us.onelogin.com/api/2/saml_assertion
⠼ HTTP/1.1 500 Internal Server Error
Content-Length: 948
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Wed, 14 Apr 2021 22:29:12 GMT
P3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Status: 500 Internal Server Error
Strict-Transport-Security: max-age=63072000; includeSubDomains;
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: 000000-452438EF-F29B-0A0B05C5-01BB-3AC0A9-2B6F
X-Xss-Protection: 1; mode=block
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>We're sorry, but something went wrong (500)</title>
<style type="text/css">
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
div.dialog {
width: 25em;
padding: 0 4em;
margin: 4em auto 0 auto;
border: 1px solid #ccc;
border-right-color: #999;
border-bottom-color: #999;
}
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
</style>
</head>
<body>
<!-- This file lives in public/500.html -->
<div class="dialog">
<h1>We're sorry, but something went wrong.</h1>
<p>We've been notified about this issue and we'll take a look at it shortly.</p>
</div>
</body>
</html>
from clisso.
Related Issues (20)
- Abstract Regex patterns into their own functions
- Move Spinner code to function
- Reduce nested if statements
- Can't use brew install anymore HOT 2
- Issue with brew install HOT 1
- Support AWS Multi Account App - OneLogin HOT 1
- Add support for pre/post execution HOT 4
- Support Okta fastpass HOT 1
- Okta FastPass HOT 1
- Could not get temporary credentials: no valid AWS roles were returned HOT 3
- invalid memoy address when trying to connect HOT 2
- Rename release to 0.7.0 HOT 3
- Error should be handled first HOT 2
- Could not get temporary credentials: generating SAML assertion: doing HTTP request: 401 Unauthorized HOT 8
- Get a group of apps HOT 6
- Question: how to assign a default AWS region? HOT 1
- Error - Could not get temporary credentials: EOF HOT 3
- Could not get temporary credentials: generating SAML assertion: doing HTTP request: 404 Not Found HOT 2
- No way to specify pretty names for IAM roles HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clisso.