versent / saml2aws Goto Github PK
View Code? Open in Web Editor NEWCLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
Home Page: https://github.com/Versent/saml2aws
License: MIT License
CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
Home Page: https://github.com/Versent/saml2aws
License: MIT License
I am currently working on a refactor of the providers, and a new configuration file.
The goals of this release are:
This work is ongoing in the master branch but given the breaking config change is last this should be OK.
New configuration will be located at ~/.saml2aws
, rather than the current ~/.aws2saml
and look something like:
[wolfeidau]
hostname = id.wolfe.id.au
username = [email protected]
provider = keycloak
mfa = totp
[test123]
hostname = id.whatever.com
username = [email protected]
provider = keycloak
mfa = sms
There will be a new configure command, similar to the AWS cli which will enable you to setup IDP accounts and give each a name.
Outstanding tasks:
The AWS cli does not create the C:\Users{username}.aws folder in Windows. Running saml2aws results in the following error if the folder doesn't exist.
Saving credentials
main.go:66: error saving credentials: open C:\Users{username}.aws\credentials: The system cannot find the path specified.
Manually creating the folder fixes the issue. Perhaps we could have a check for the folder and create it if it's missing.
While the username is listed in the ~/.awas2saml.config file
Still getting prompted for username ( and not offered as a default value )
secondly, would like to skip prompt for hostname and username and only prompt for password.
using version 1.8.3
Currently when authenticating, the resulting credentials are only valid for an hour. Is there a way to configure this value so that we could have credentials expire after 6 hours?
When we first configured access to our AWS console via ADFS we were able to set up a claim rule that specified how long the session should last (see this AWS blog post for more info). It would be great if saml2aws could use of this same claim rule.
It would be good to be able to run saml2aws login
without having to always have accounts preconfigured (in the ~/.saml2aws
config file via saml2aws configure
).
Given all the account details required by saml2aws configure
can be passed as command line flags to saml2aws login
, it would be good to have the option to skip the saml2aws configure
step
This is probably going to also be a pre-requisite for #55
saml2AWS expects the SAML Role (https://aws.amazon.com/SAML/Attributes/Role) AttributeValue to be formated as saml-provider,role
eg arn:aws:iam::456456456456:saml-provider/example-idp,arn:aws:iam::456456456456:role/admin
otherwise if the order is reveresed the role selection list displays as follows:
Please choose the role you would like to assume:
[ 0 ]: arn:aws:iam::123123123123:saml-provider/example-idp
[ 1 ]: arn:aws:iam::123123123123:saml-provider/example-idp
[ 2 ]: arn:aws:iam::123123123123:saml-provider/example-idp
[ 3 ]: arn:aws:iam::123123123123:saml-provider/example-idp
[ 4 ]: arn:aws:iam::123123123123:saml-provider/example-idp
AWS do not mandate an order for for the Role Attribute Value in the SAML assertion, as such identity providers can populate this attribute in any order and AWS will still be able to process the information. saml2AWS should follow the same behaviour.
saml2aws print a strange output about osx helpers for every command.
$ saml2aws --version
Adding osx helper
1.8.2
$ saml2aws exec bash
Adding osx helper
NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
error validating token
github.com/versent/saml2aws/cmd/saml2aws/commands.Exec
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/commands/exec.go:26
main.main
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:75
runtime.main
/usr/local/Cellar/go/1.8.1/libexec/src/runtime/proc.go:185
runtime.goexit
/usr/local/Cellar/go/1.8.1/libexec/src/runtime/asm_amd64.s:2197
It happens in the checkToken function. It should handle more AWS errors by going to login.
Thoughts on implementing something like keyring from python for storing username/password so users can better automate the running of saml2aws?
I had found this package with a little bit of googling: https://github.com/tmc/keyring
When attempting to login with saml2aws using KeyCloak IdP get error
"Response did not contain a valid SAML assertion" when MFA is enabled.
With Okta, if no factors have been enrolled, assertion is assumed and fails with error:
"Response did not contain a valid SAML assertion"
This is the status from the response
"status\":\"MFA_ENROLL\"
Maybe just need a nice message to the user to go to Okta and enroll some new MFA types
saml2aws login
fails with the following error when $HOME/.aws/credentials
file is missing.
lstat /home/sjcho/.aws/credentials: no such file or directory
unable to resolve symlink
github.com/versent/saml2aws/pkg/awsconfig.(*CredentialsProvider).filename
/opt/saml2aws/src/github.com/versent/saml2aws/pkg/awsconfig/awsconfig.go:144
github.com/versent/saml2aws/pkg/awsconfig.(*CredentialsProvider).Save
/opt/saml2aws/src/github.com/versent/saml2aws/pkg/awsconfig/awsconfig.go:64
github.com/versent/saml2aws/cmd/saml2aws/commands.Login
/opt/saml2aws/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:146
main.main
/opt/saml2aws/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:76
runtime.main
/snap/go/922/src/runtime/proc.go:185
runtime.goexit
/snap/go/922/src/runtime/asm_amd64.s:2337
error saving credentials
github.com/versent/saml2aws/cmd/saml2aws/commands.Login
/opt/saml2aws/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:148
main.main
/opt/saml2aws/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:76
runtime.main
/snap/go/922/src/runtime/proc.go:185
runtime.goexit
/snap/go/922/src/runtime/asm_amd64.s:2337
The command works fine when I create an empty credentials file before running the command.
glide.lock line 67 should have Sirupsen
instead of sirupsen
, see Should I use lowercase or uppercase for the package name and Rename back to Sirupsen/logrus
same with imports, it needs to match the repo, all imports need to be renamed to Sirupsen
and Versent
as well
saml2aws login
~/.aws/config
. For example this non-default profile can be used: aws -p dev ec2 describe-instances
.~/.aws/config
for profile 'dev'. Error message:Supplied RoleArn not found in saml assertion: <supplied arn role>
Failed to assume role, please check you are permitted to assume the given role for the AWS service
(1) As shown above, I am permitted to assume this role... Or is there a difference with logging in with a arn role specified via --role
vs logging in and assuming that same arn role via aws -p
?
~/.aws/config
for profile 'dev' and then execute:saml2aws exec --role '<arn role copied from aws config>' aws ec2 describe-instances
Running command as: arn:aws:sts::....:assumed-role/..../....
The Running command as:
does not show the role specified by the --role
parameter. It's even possible to add a bogus text value for the --role
parameter, and it still executes with always the same role.
(2) How can I use exec
with a different arn role?
Can I pass in host and username via args?
saml2aws login -h hostname -u username
The readme file says that the exec
sub command exports the following environment variables -
I'm having trouble seeing them.
saml2aws exec --provider=Ping -- echo AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
returns
Running command as: arn:aws:sts::<blah>:assumed-role/admin/me
AWS_ACCESS_KEY_ID=
I was expecting to be able to see the value of the AWS_ACCESS_KEY_ID
environment variable.
Users can't login to AWS if they are configured in the IdP with a single IAM role only.
If a user is configured with only a single IAM role in the IdP, saml2aws
used to log the user in without prompting them to select a role. If they have more than one role, they are presented with a list of roles they must select from.
This was working in version 1.7.1 but with 1.8.1 this no longer works. If the user is configured with one role only, they are now prompted to select a role from the list but no list is printed. Entering 0
causes it to crash.
$ saml2aws login --provider=KeyCloak
Adding osx helper
Hostname [hostname.com.au/auth/realms/amp/protocol/saml/clients/amazon-aws]:
To use saved username and password just hit enter.
Username [user]:
Password: **********
Authenticating as user to KeyCloak https://hostname.com.au/auth/realms/amp/protocol/saml/clients/amazon-aws
Please choose the role you would like to assume:
Selection: 0
panic: runtime error: index out of range
goroutine 1 [running]:
github.com/versent/saml2aws.PromptForAWSRoleSelection(0x477cdd8, 0x0, 0x0, 0x477cdd8, 0x0, 0x0)
/Users/markw/Code/go/src/github.com/versent/saml2aws/input.go:88 +0x602
github.com/versent/saml2aws/cmd/saml2aws/commands.resolveRole(0xc42000e080, 0x1, 0x1, 0xc4204fc000, 0x29d4, 0xc4201461c0, 0x0, 0x0, 0xa0)
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:220 +0x123
github.com/versent/saml2aws/cmd/saml2aws/commands.Login(0xc4201461c0, 0x5, 0x44d7ab7)
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:103 +0x4cb
main.main()
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:73 +0x272
Version: saml2aws version 1.8.1
OS: macOS 10.12.5 (Sierra)
Provider: KeyCloak
The latest release has verbose output and behaves strangely when no username was saved before:
[hoegertn@MacBook-Pro Downloads]$ ./saml2aws login --role="arn:aws:iam::123456789012:role/ADFS-Test"
adding osx helper
LookupCredentials <ADFS-URL>
hostname <ADFS-URL>
Using saved username
Using saved password
savedUsername
Hostname [<ADFS-URL>]:
To use saved username and password just hit enter.
Username []:
Username []: someusername
Password: ********
Authenticating to ADFS with URL https://<ADFS-URL>
Selected role: arn:aws:iam::123456789012:role/ADFS-Test
Requesting AWS credentials using SAML assertion
Saving credentials
Logged in as: arn:aws:sts::123456789012:assumed-role/ADFS-Test/someusername
Your new access key pair has been stored in the AWS configuration
Note that it will expire at 2017-07-27 15:08:08 +0200 CEST
To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile saml ec2 describe-instances).
Saving config: /Users/hoegertn/.aws2saml.config
Second try:
[hoegertn@MacBook-Pro Downloads]$ ./saml2aws login --role="arn:aws:iam::123456789012:role/ADFS-Test"
adding osx helper
LookupCredentials <ADFS-URL>
hostname <ADFS-URL>
Using saved username
Using saved password
savedUsername someusername
Hostname [<ADFS-URL>]:
To use saved username and password just hit enter.
Username [someusername]:
Password: ********
Authenticating to ADFS with URL https://<ADFS-URL>
Selected role: arn:aws:iam::123456789012:role/ADFS-Test
Requesting AWS credentials using SAML assertion
Saving credentials
Logged in as: arn:aws:sts::123456789012:assumed-role/ADFS-Test/someusername
Your new access key pair has been stored in the AWS configuration
Note that it will expire at 2017-07-27 15:08:24 +0200 CEST
To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile saml ec2 describe-instances).
Saving config: /Users/hoegertn/.aws2saml.config
[hoegertn@MacBook-Pro Downloads]$
Trying to auth to ADFS v2 environment and getting the following using version 1.4.0. I don't control/have access to ADFS. Let me know if there is anything else I can try for you.
C:\Users\jbruett>saml2aws --profile ADFS2 login
Hostname []: adfs.******.com
Username []: jbruett
Password: ***********
ADFS https://adfs.******.com
Authenticating to ADFS...
main.go:66: error authenticating to adfs: unable to locate IDP authentication form submit URL
C:\Users\jbruett>saml2aws --profile ADFS2 login
Hostname []: adfs.****.com/adfs/ls/IdpInitiatedSignon.aspx
Username []: jbruett
Password: ***********
ADFS https://adfs.******.com/adfs/ls/IdpInitiatedSignon.aspx
Authenticating to ADFS...
main.go:66: error authenticating to adfs: unable to locate IDP authentication form submit URL
C:\Users\jbruett>saml2aws --profile ADFS2 login
Hostname []: adfs..com
Username []: jbruett@.com
Password: ***********
ADFS https://adfs.******.com
Authenticating to ADFS...
main.go:66: error authenticating to adfs: unable to locate IDP authentication form submit URL
C:\Users\jbruett>saml2aws --profile ADFS2 login
Hostname []: adfs..com/adfs/ls/IdpInitiatedSignon.aspx
Username []: jbruett@.com
Password: ***********
ADFS https://adfs.******.com/adfs/ls/IdpInitiatedSignon.aspx
Authenticating to ADFS...
main.go:66: error authenticating to adfs: unable to locate IDP authentication form submit URL
We're using Google Apps as IdP. Would be great to see this supported.
Need to figure out if we can accept the passcode and send that to ping.
As reported by @ltrifonov and @rowanu
it fails often after a long inactivity, my android has some aggressive memory management and it kills something, perhaps the ping push listener. The only way to re-activate it is
Disable swipe -> confirm
, thenEnable swipe -> confirm
PITA
Hey guys, there's a minor display issue when a security token is requested:
Authenticating as fots ...
Security Token [000000]
: xxxxxx
Please choose the role you would like to assume:
Expected Result:
Authenticating as fots ...
Security Token [000000]: xxxxxx
Please choose the role you would like to assume:
Cheers
Fotis
It would be great to be able to use "saml2aws exec" without storing the credentials to the config but using only env.
So it would be possible to start multiple "saml2aws exec bash" with different roles.
When enabling the new Okta Sign-In Page saml2aws borks with the following error
Authenticating to Okta... main.go:66: error authenticating to adfs: unable to locate IDP authentication form submit URL
Okta have changed the way they initiate a login with the new Okta Sign-In page, It appears the JavaScript signin widget now calls the Okta Auth api which then initiates the Duo Web Widget when duo is enabled.
saml2aws needs to use the okta auth api instead of the previous simulation via the web page.
My normal browser displays a page like this:
For security reasons, we require additional information to verify your account ([email protected])
We've sent a text message with a verification code.
+xx xxx xxx1234
Verification code
saml2aws fails with this error on mfa enabled accounts:
Response did not contain a valid SAML assertion
Please check your username and password is correct
Hello, what would it take to implement duo push for adfs similar to this python tool?
thanks!
doesn't support google authenticator for Okta
saml2aws -p saml -i Ping login
Ping https://xxxx.xxxx.xx
Authenticating to Ping...
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x13e46ea]
goroutine 1 [running]:
github.com/versent/saml2aws.(*PingFedClient).Authenticate(0xc42000e1d8, 0xc420146a20, 0xc42000e1d8, 0x0, 0x0, 0x1a)
/Users/markw/Code/go/src/github.com/versent/saml2aws/pingfed.go:102 +0x4ca
github.com/versent/saml2aws/cmd/saml2aws/commands.Login(0x7fff5fbffc04, 0x4, 0x7fff5fbffc0c, 0x4, 0x14cd400, 0x5, 0x0)
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:46 +0x398
main.main()
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:60 +0x29c
How to reproduce.
OS: Ubuntu 16.04.1 LTS
How: initiate make command.
Output:
1 errors occurred:
--> darwin/amd64 error: exit status 1
Stderr: go build github.com/versent/saml2aws/helper/osxkeychain: no buildable Go source files in /home/debojit/gocode/src/github.com/versent/saml2aws/helper/osxkeychain
Makefile:29: recipe for target 'compile' failed
make: *** [compile] Error 1
In windows, run saml2aws exec
got error: exec: "/bin/sh": file does not exist
Please see console output below for steps to reproduce.
Points to note:
~/.aws/credential
file was present (but empty) before first invocation of exec
exec
was done immediately after the first, so there was no chance of STS token expiryexec
is AcmeRole1
, while for the second invocation it's AcmeRole2
exec
end up running as the same role, namely AcmeRole1
[centos@localhost ~]$ saml2aws -i KeyCloak --hostname="id.acme.com/auth/realms/acme/protocol/saml/clients/amazon-aws" --username="joe.bloggs" --password="${SAML2AWS_PASSWORD}" --role="arn:aws:iam::012345678910:role/AcmeRole1" --skip-prompt exec aws sts get-caller-identity
Authenticating as joe.bloggs to KeyCloak https://id.acme.com/auth/realms/acme/protocol/saml/clients/amazon-aws
Selected role: arn:aws:iam::012345678910:role/AcmeRole1
Requesting AWS credentials using SAML assertion
Logged in as: arn:aws:sts::012345678910:assumed-role/AcmeRole1/joe.bloggs
Your new access key pair has been stored in the AWS configuration
Note that it will expire at 2017-09-08 00:35:28 +1000 AEST
To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile saml ec2 describe-instances).
Saving config: /home/centos/.aws2saml.config
{
"Account": "012345678910",
"UserId": "ABCDEF123456GHIJKLMN0:joe.bloggs",
"Arn": "arn:aws:sts::012345678910:assumed-role/AcmeRole1/joe.bloggs"
}
[centos@localhost ~]$ saml2aws -i KeyCloak --hostname="id.acme.com/auth/realms/acme/protocol/saml/clients/amazon-aws" --username="joe.bloggs" --password="${SAML2AWS_PASSWORD}" --role="arn:aws:iam::012345678910:role/AcmeRole2" --skip-prompt exec aws sts get-caller-identity
Running command as: arn:aws:sts::012345678910:assumed-role/AcmeRole1/joe.bloggs
{
"Account": "012345678910",
"UserId": "ABCDEF123456GHIJKLMN0:joe.bloggs",
"Arn": "arn:aws:sts::012345678910:assumed-role/AcmeRole1/joe.bloggs"
}
Expected behaviour is that the second (and any) invocation of exec
would run under the requested role in the command line options (i.e. AcmeRole2
in the case of the second invocation above)
DurationSeconds
The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour).
Need to update to max value for packer builds.
Would be great if this worked with us-gov-west-1, which has a different urn (amazon:webservices:govcloud) and uses a different sts endpoint. I tried changing the urn in the ADFS provider and re-building, but I was still directed to the public endpoints and got a role from the public side.
It is undesirable to use the --password
option due to safety. but -skip-prompt
is at least useful to skip the Username prompt. However, this is what happens:
fots > ~ $ saml2aws --skip-prompt -a fots login
Using IDP Account amp to access KeyCloak https://...
Authenticating as fots ...
Empty password
error validating login details
github.com/versent/saml2aws/cmd/saml2aws/commands.Login
/Users/markw/go/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:65
main.main
/Users/markw/go/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:95
runtime.main
/usr/local/Cellar/go/1.9.2/libexec/src/runtime/proc.go:195
runtime.goexit
/usr/local/Cellar/go/1.9.2/libexec/src/runtime/asm_amd64.s:2337
This works as expected for the MFA token input with the --skip-prompt
option:
fots > ~ $ saml2aws --skip-prompt --password=pass123 -a fots login
Using IDP Account amp to access KeyCloak https://...
Authenticating as fots ...
Security Token [000000]
:
Cheers
Fotis
Hi,
We have many clients so this new ability to save configurations per idp is awesome, but it still places the AWS session token into the default profile.
You can override it on the command line
~/go/bin/saml2aws --idp-account=somecustomer --profile somecustomer_saml login
But it would be good if profile
could be saved into the idp configuration also, allowing.
~/go/bin/saml2aws --idp-account=somecustomer login
I understand this may not be needed by everyone so I think it should be optional.
I'm seeing the following error when trying to login. I have previously been able to login.
Adding osx helper
One or more parameters passed to a function were not valid.
error loading saved password
github.com/versent/saml2aws/cmd/saml2aws/commands.resolveLoginDetails
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:162
github.com/versent/saml2aws/cmd/saml2aws/commands.Login
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:45
main.main
/Users/markw/Code/go/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:73
runtime.main
/usr/local/Cellar/go/1.8.1/libexec/src/runtime/proc.go:185
runtime.goexit
/usr/local/Cellar/go/1.8.1/libexec/src/runtime/asm_amd64.s:2197
Version info
โ ~ saml2aws --version
Adding osx helper
1.8.2
When on boarding if someone runs aws configure
it only creates ~/.aws/config
need to ensure my save method checks and creates credentials file if it doesn't exist.
This file needs to be 0600
too.
Prompts and auth details should be written to stdout.
This is especially important when using the exec
variant as I want to pipe the output of the subcommand ignoring the saml2aws output.
Would it be possible to create the option to have multiple hostnames for a single provider? Example if you have different roles and you wanted to switch between them with SAML2AWS you have to enter a different hostname in each time. If there was a way to read the config file with hostnames that you wanted to regularly use that would make things really easy for switch authenticating.
Can we add a flag that allows a user to pass in the role they want to assume?
saml2AWS dosen't have the account friendly name as part of the role selection list. This can make it hard to select the role you require if standard role names have been used across your aws accounts.
eg
[ 0 ]: arn:aws:iam::123123123123:role/admin
[ 1 ]: arn:aws:iam::123123123123:role/developer
[ 2 ]: arn:aws:iam::456456456456:role/admin
[ 3 ]: arn:aws:iam::456456456456:role/developer
[ 4 ]: arn:aws:iam::789789789789:role/admin
The AWS saml signin page will display the account alias as part of the role selection.
Select a role:
Account: example-cloudops (123123123123)
admin
developer
Account: example-digital-nonprod (456456456456)
admin
developer
Account: example-digital-prod (789789789789)
admin
AWS supports an optional request parameter to prolong a SessionDuration
The default session support is few hours... It would be nice to enhance the app... Do you have any idea how to implement such improvement in your app?
If the credentials file in the ~/.aws
folder is a symlink to some other location, this link is broken after using saml2aws.
So instead of creating a new file, the script should modify the content of the existing one.
When we enable (out-of-band) MFA on our ADFS, saml2aws times out before we can accept the MFA request
Hi,
is it possible to add a 32bit windows version to the releases area?
Thanks
Hello,
I tried to use Saml2AWS in Windows but I get an exception
Issue
Following error I get:
Authenticating as xxx@xxx ...
Post https://signin.aws.amazon.com/saml: Proxy Authorization Required
error retrieving AWS login form
github.com/versent/saml2aws.ParseAWSAccounts
Tests
I added HTTP_PROXY as systemvariable with the companies proxy like "http://Address:Port
Additional Note
When I use VirtualBox/Ubuntu/CNTLM on the same machine in the same network -> it works.
Question:
Does any one of you have further ideas how to get this accomplished ?
I am able to login to the web app using this URL, but I am getting this error when using the script.
Authenticating as ...
time="2017-12-05T14:24:45-05:00" level=debug msg="building provider" command=login idpAccount="&{https://e.oktapreview.com/home/amazon_aws/0oab5djefnTb4cMht0h7/137 Okta Auto true 0 urn:amazon:webservices}"
Response did not contain a valid SAML assertion
Please check your username and password is correct
Current prompt says:
"Enter verification code:"
you can tell which type from the factorType field
From Okta SMS (no other factors enrolled)
"factors\":[{\"id\":\"<redacted>\",\"factorType\":\"sms\",\"provider\":\"OKTA\"
We are using Okta+DUO for AWS authentication. I cannot get Okta provider to work. SAML Assertion is always empty. I got it to work by sending another get request to Okta APP to actually get SAML Assertion value (Code below). For now I just patch it and recompile so we can start using this awesome tool.
I am wondering if I am missing something to get Okta+DUO to work without code changes below?
If fix below is necessary then what is the proper way to setup extra config per provider? (Like for fix below it will need Okta APP parameter.)
Repo with the patch:
https://github.com/richardheath/saml2aws/blob/master/pkg/provider/okta/okta.go
I hardcoded the Okta APP since I am not sure how to properly make this a config option:
req, err = http.NewRequest("GET", oktaEntryURL+"/home/amazon_aws/0oagi9d4ouv6LpCWS0x7/272", nil)
if err != nil {
return samlAssertion, errors.Wrap(err, "error building app request")
}
q = req.URL.Query()
q.Add("RelayState", "/")
q.Add("sessionToken", oktaSessionToken)
req.URL.RawQuery = q.Encode()
req.Header.Add("Accept", "*/*")
res, err = oc.client.Do(req)
if err != nil {
return samlAssertion, errors.Wrap(err, "error retrieving app response")
}
Hello,
I`m trying to build the current master because I need to use a specific pull request in both
Ubuntu and Windows.
I executed glide install and I correctly set the $GOPATH
=> works
I tried to build it for both x86 and x64 with these commands:
env GOOS=windows GOARCH=amd64 go build -o saml2aws.exe
env GOOS=windows GOARCH=386 go build -o saml2aws.exe
and was able to build the file but it doesnt work when I execute these files. **It tells me it
s incompatbile with this windows version**
I have windows 7 but I think that not the issue.
Any clue what the issue might be ?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.