Versions Compared

Old Version 11

changes.mady.by.user Paul Allen

Saved on

compared with

New Version 12

changes.mady.by.user Paul Allen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
$ aws --profile foo login configure
ECP Endpoint URL [None]: https://shibidp-test.cit.cornell.edu/idp/profile/SAML2/SOAP/ECP
Username [None]: pea1
Enable Keyring [False]:
Duo Factor [None]: auto
Role ARN [None]: arn:aws:iam::111111111111:role/shib-admin

$ aws --profile bar login configure
ECP Endpoint URL [None]: https://shibidp-test.cit.cornell.edu/idp/profile/SAML2/SOAP/ECP
Username [None]: pea1
Enable Keyring [False]: 
Duo Factor [None]: auto
Role ARN [None]: arn:aws:iam::222222222222:role/shib-admin
 
$ aws --profile foo login
Password: **************
# Provided second factor out of band
$ aws --profile foo sts get-caller-identity
{
    "Arn": "arn:aws:sts::111111111111:assumed-role/shib-admin/pea1@cornell.edu",
    "Account": "111111111111",
    "UserId": "XXXXICCPMY7VALLFXXXX:pea1@cornell.edu"
}

 
$ aws --profile bar login
Password: **************
# Provided second factor out of band
$ aws --profile foo sts get-caller-identity
{
    "Arn": "arn:aws:sts::222222222222:assumed-role/shib-admin/pea1@cornell.edu",
    "Account": "222222222222",
    "UserId": "YYYYICCPMY7VALLFYYYY:pea1@cornell.edu"
}

 
 

Troubleshooting

Help! I got a 401 Client Error

Code Block
$ aws login
Password: **************
401 Client Error: Unauthorized for url: https://shibidp-test.cit.cornell.edu/idp/profile/SAML2/SOAP/ECP

This situation occurs when you provide an incorrect password.

Help! I got 504 Server Error

Code Block
$ aws login
Password: **************
504 Server Error: GATEWAY_TIMEOUT for url: https://shibidp-test.cit.cornell.edu/idp/profile/SAML2/SOAP/ECP

This situation occurs when you fail to provide your Duo second factor in time.