2
votes

I'm trying to setup AWS CLI login via OneLogin - but it doesn't seem to work.

I created the onelogin.sdk.properties file as follows:

onelogin.sdk.client_id=xxxxxxxxxxxxxxxxxxxxxxxxxxx
onelogin.sdk.client_secret=xxxxxxxxxxxxxxxxxxxxxxxxxxx
onelogin.sdk.region=us
onelogin.sdk.ip=

I'm running the below command from the same directory where the above properties file resides: java -jar onelogin-aws-cli.jar --appid 123456 --subdomain mycompany --username myusername --region us-east-1 --profile onelogin

This prompts me for the password and after I enter it, I get the following error:

Exception in thread "main" OAuthProblemException{error='bad request', description='bad request', uri='null', state='400', scope='null', redirectUri='null', responseStatus=400, parameters={}}
    at org.apache.oltu.oauth2.common.exception.OAuthProblemException.error(OAuthProblemException.java:59)
    at org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validateErrorResponse(OAuthClientValidator.java:63)
    at org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validate(OAuthClientValidator.java:48)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponse.validate(OAuthClientResponse.java:127)
    at com.onelogin.sdk.conn.OneloginOAuthJSONResourceResponse.init(OneloginOAuthJSONResourceResponse.java:31)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:101)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:120)
    at org.apache.oltu.oauth2.client.response.OAuthClientResponseFactory.createCustomResponse(OAuthClientResponseFactory.java:82)
    at com.onelogin.sdk.conn.OneloginURLConnectionClient.execute(OneloginURLConnectionClient.java:75)
    at org.apache.oltu.oauth2.client.OAuthClient.resource(OAuthClient.java:81)
    at com.onelogin.sdk.conn.Client.getSAMLAssertion(Client.java:2238)
    at com.onelogin.aws.assume.role.cli.OneloginAWSCLI.getSamlResponse(OneloginAWSCLI.java:437)
    at com.onelogin.aws.assume.role.cli.OneloginAWSCLI.main(OneloginAWSCLI.java:256)

I know for a fact that my onelogin.sdk.properties is correct, because intentionally setting incorrect client_id/client_secret or changing the region to eu makes the application fail with another error (error='Unauthorized')

What might be the problem? Is there a debug switch I can use to help me understand what's going on?

Thanks, Yosi

1

1 Answers

0
votes

The problem was me using the username in incorrect format (needed the domain suffix - e.g. [email protected])