I'm trying to setup AWS CLI login via OneLogin - but it doesn't seem to work.
I created the onelogin.sdk.properties file as follows:
onelogin.sdk.client_id=xxxxxxxxxxxxxxxxxxxxxxxxxxx
onelogin.sdk.client_secret=xxxxxxxxxxxxxxxxxxxxxxxxxxx
onelogin.sdk.region=us
onelogin.sdk.ip=
I'm running the below command from the same directory where the above properties file resides:
java -jar onelogin-aws-cli.jar --appid 123456 --subdomain mycompany --username myusername --region us-east-1 --profile onelogin
This prompts me for the password and after I enter it, I get the following error:
Exception in thread "main" OAuthProblemException{error='bad request', description='bad request', uri='null', state='400', scope='null', redirectUri='null', responseStatus=400, parameters={}}
at org.apache.oltu.oauth2.common.exception.OAuthProblemException.error(OAuthProblemException.java:59)
at org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validateErrorResponse(OAuthClientValidator.java:63)
at org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validate(OAuthClientValidator.java:48)
at org.apache.oltu.oauth2.client.response.OAuthClientResponse.validate(OAuthClientResponse.java:127)
at com.onelogin.sdk.conn.OneloginOAuthJSONResourceResponse.init(OneloginOAuthJSONResourceResponse.java:31)
at org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:101)
at org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:120)
at org.apache.oltu.oauth2.client.response.OAuthClientResponseFactory.createCustomResponse(OAuthClientResponseFactory.java:82)
at com.onelogin.sdk.conn.OneloginURLConnectionClient.execute(OneloginURLConnectionClient.java:75)
at org.apache.oltu.oauth2.client.OAuthClient.resource(OAuthClient.java:81)
at com.onelogin.sdk.conn.Client.getSAMLAssertion(Client.java:2238)
at com.onelogin.aws.assume.role.cli.OneloginAWSCLI.getSamlResponse(OneloginAWSCLI.java:437)
at com.onelogin.aws.assume.role.cli.OneloginAWSCLI.main(OneloginAWSCLI.java:256)
I know for a fact that my onelogin.sdk.properties is correct, because intentionally setting incorrect client_id/client_secret or changing the region to eu makes the application fail with another error (error='Unauthorized')
What might be the problem? Is there a debug switch I can use to help me understand what's going on?
Thanks, Yosi