Editing Saml2aws login

{{lc}}

 [[saml2aws]] login
 [[saml2aws login --verbose]]
 [[saml2aws login --download-browser-driver]]

 [[saml2aws]] login --idp-account=XYZ

 [[saml2aws login --help]]

== help ==
<pre>
saml2aws login --help
usage: saml2aws login [<flags>]

Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.

Flags:
      --help                     Show context-sensitive help (also try --help-long and --help-man).
      --version                  Show application version.
      --verbose                  Enable verbose logging
      --quiet                    silences logs
  -i, --provider=PROVIDER        This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
      --config=CONFIG            Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
  -a, --idp-account="default"    The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
      --idp-provider=IDP-PROVIDER
                                 The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
      --browser-type=BROWSER-TYPE
                                 The configured browser type when the IDP provider is set to Browser. if not set
                                 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE)
      --browser-executable-path=BROWSER-EXECUTABLE-PATH
                                 The configured browser full path when the IDP provider is set to Browser. If set,
                                 no browser download will be performed and the executable path will be used instead. (env:
                                 SAML2AWS_BROWSER_EXECUTABLE_PATH)
      --browser-autofill         Configures browser to autofill the username and password. (env:
                                 SAML2AWS_BROWSER_AUTOFILL)
      --mfa=MFA                  The name of the mfa. (env: SAML2AWS_MFA)
  -s, --skip-verify              Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
      --url=URL                  The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)
      --username=USERNAME        The username used to login. (env: SAML2AWS_USERNAME)
      --password=PASSWORD        The password used to login. (env: SAML2AWS_PASSWORD)
      --mfa-token=MFA-TOKEN      The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env:
                                 SAML2AWS_MFA_TOKEN)
      --role=ROLE                The ARN of the role to assume. (env: SAML2AWS_ROLE)
      --aws-urn=AWS-URN          The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
      --skip-prompt              Skip prompting for parameters during login.
      --session-duration=SESSION-DURATION
                                 The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
      --disable-keychain         Do not use keychain at all. This will also disable Okta sessions & remembering MFA
                                 device. (env: SAML2AWS_DISABLE_KEYCHAIN)
  -r, --region=REGION            AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env:
                                 SAML2AWS_REGION)
      --prompter=PROMPTER        The prompter to use for user input (default, pinentry)
  -p, --profile=PROFILE          The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
      --duo-mfa-option=DUO-MFA-OPTION
                                 The MFA option you want to use to authenticate with (supported providers: okta). (env:
                                 SAML2AWS_DUO_MFA_OPTION)
      --client-id=CLIENT-ID      OneLogin client id, used to generate API access token. (env: ONELOGIN_CLIENT_ID)
      --client-secret=CLIENT-SECRET
                                 OneLogin client secret, used to generate API access token. (env: ONELOGIN_CLIENT_SECRET)
      --mfa-ip-address=MFA-IP-ADDRESS
                                 IP address whitelisting defined in OneLogin MFA policies. (env: ONELOGIN_MFA_IP_ADDRESS)
      --force                    Refresh credentials even if not expired.
      --credential-process       Enables AWS Credential Process support by outputting credentials to STDOUT in a JSON
                                 message.
      --credentials-file=CREDENTIALS-FILE
                                 The file that will cache the credentials retrieved from AWS. When not specified, will use
                                 the default AWS credentials file location. (env: SAML2AWS_CREDENTIALS_FILE)
      --cache-saml               Caches the SAML response (env: SAML2AWS_CACHE_SAML)
      --cache-file=CACHE-FILE    The location of the SAML cache file (env: SAML2AWS_SAML_CACHE_FILE)
      --download-browser-driver  Automatically download browsers for Browser IDP. (env: SAML2AWS_AUTO_BROWSER_DOWNLOAD)
      --disable-sessions         Do not use Okta sessions. Uses Okta sessions by default. (env:
                                 SAML2AWS_OKTA_DISABLE_SESSIONS)
      --disable-remember-device  Do not remember Okta MFA device. Remembers MFA device by default. (env:
                                 SAML2AWS_OKTA_DISABLE_REMEMBER_DEVICE)
</pre>

== Errors ==
 [[Error authenticating to IdP.: error loading first page: failed to build login form data: could not find any forms matching the provided IDs]]

 Error authenticating to IdP.: [[page is missing saml assertion]]

 [[Error building login details.: Failed to validate account.: URL empty in idp account]]

 [[Error authenticating to IdP]].: could not start driver: fork/exec /Users/user/Library/Caches/[[ms-playwright-go]]/1.42.1/[[playwright.sh]]: no such file or directory
 
 Solution: [[saml2aws login --download-browser-driver]] or download_browser_driver = true in [[~/.saml2aws]]

== Related ==
* <code>[[~/.saml2aws]]</code>

== See also ==
* {{saml2aws login}}
* {{saml2aws}}

[[Category:SAML]]
@@ Line 9: / Line 9: @@
   [[saml2aws login --help]]
+== help ==
+<pre>
+saml2aws login --help
+usage: saml2aws login [<flags>]
+Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.
+Flags:
+      --help                     Show context-sensitive help (also try --help-long and --help-man).
+      --version                  Show application version.
+      --verbose                  Enable verbose logging
+      --quiet                    silences logs
+  -i, --provider=PROVIDER        This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
+      --config=CONFIG            Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
+  -a, --idp-account="default"    The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
+      --idp-provider=IDP-PROVIDER
+                                 The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
+      --browser-type=BROWSER-TYPE
+                                 The configured browser type when the IDP provider is set to Browser. if not set
+                                 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE)
+      --browser-executable-path=BROWSER-EXECUTABLE-PATH
+                                 The configured browser full path when the IDP provider is set to Browser. If set,
+                                 no browser download will be performed and the executable path will be used instead. (env:
+                                 SAML2AWS_BROWSER_EXECUTABLE_PATH)
+      --browser-autofill         Configures browser to autofill the username and password. (env:
+                                 SAML2AWS_BROWSER_AUTOFILL)
+      --mfa=MFA                  The name of the mfa. (env: SAML2AWS_MFA)
+  -s, --skip-verify              Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
+      --url=URL                  The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)
+      --username=USERNAME        The username used to login. (env: SAML2AWS_USERNAME)
+      --password=PASSWORD        The password used to login. (env: SAML2AWS_PASSWORD)
+      --mfa-token=MFA-TOKEN      The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env:
+                                 SAML2AWS_MFA_TOKEN)
+      --role=ROLE                The ARN of the role to assume. (env: SAML2AWS_ROLE)
+      --aws-urn=AWS-URN          The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
+      --skip-prompt              Skip prompting for parameters during login.
+      --session-duration=SESSION-DURATION
+                                 The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
+      --disable-keychain         Do not use keychain at all. This will also disable Okta sessions & remembering MFA
+                                 device. (env: SAML2AWS_DISABLE_KEYCHAIN)
+  -r, --region=REGION            AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env:
+                                 SAML2AWS_REGION)
+      --prompter=PROMPTER        The prompter to use for user input (default, pinentry)
+  -p, --profile=PROFILE          The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+      --duo-mfa-option=DUO-MFA-OPTION
+                                 The MFA option you want to use to authenticate with (supported providers: okta). (env:
+                                 SAML2AWS_DUO_MFA_OPTION)
+      --client-id=CLIENT-ID      OneLogin client id, used to generate API access token. (env: ONELOGIN_CLIENT_ID)
+      --client-secret=CLIENT-SECRET
+                                 OneLogin client secret, used to generate API access token. (env: ONELOGIN_CLIENT_SECRET)
+      --mfa-ip-address=MFA-IP-ADDRESS
+                                 IP address whitelisting defined in OneLogin MFA policies. (env: ONELOGIN_MFA_IP_ADDRESS)
+      --force                    Refresh credentials even if not expired.
+      --credential-process       Enables AWS Credential Process support by outputting credentials to STDOUT in a JSON
+                                 message.
+      --credentials-file=CREDENTIALS-FILE
+                                 The file that will cache the credentials retrieved from AWS. When not specified, will use
+                                 the default AWS credentials file location. (env: SAML2AWS_CREDENTIALS_FILE)
+      --cache-saml               Caches the SAML response (env: SAML2AWS_CACHE_SAML)
+      --cache-file=CACHE-FILE    The location of the SAML cache file (env: SAML2AWS_SAML_CACHE_FILE)
+      --download-browser-driver  Automatically download browsers for Browser IDP. (env: SAML2AWS_AUTO_BROWSER_DOWNLOAD)
+      --disable-sessions         Do not use Okta sessions. Uses Okta sessions by default. (env:
+                                 SAML2AWS_OKTA_DISABLE_SESSIONS)
+      --disable-remember-device  Do not remember Okta MFA device. Remembers MFA device by default. (env:
+                                 SAML2AWS_OKTA_DISABLE_REMEMBER_DEVICE)
+</pre>
 == Errors ==