aws-azure-login: Login is using wrong username

In my organization we generally have two accounts in Azure AD: our normal jghal@example.com account for email/office/teams/etc, and an admin account jghala@corp.example.com if we do server admin stuff. It’s the admin account that we use to log in to the Azure MyApps portal and launch into our AWS accounts. In my $env:USERPROFILE\.aws\config I have the default profile set with

azure_default_username=jghala@corp.example.com
azure_default_remember_me=false

When I run aws-azure-login it’s staunchly refusing to use the configured username, and instead using jghal@example.com.

Due to corp proxy and local security agents, I have to disable Puppeteer’s bundled Chromium (checksum matches a DB of versions with known vulnerabilities) and set a custom path.

I’ve made sure that my Chrome profile is logged out of AzureAD (and I use MS Edge Chromium for logging into my normal Office AAD account), and deleted all browser data for all time in my Chrome profile.

I’ve deleted everything under _$env:USERPROFILE\.aws_ other than the config and credentials files, and I have no other configuration or credentials specified in those two files save for what I’m configuring in order to use aws-azure-login.

4/24/2020 1:39:45 PM JGHAL ~
> $env:PUPPETEER_EXECUTABLE_PATH="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

4/24/2020 1:34:56 PM JGHAL ~
> npm list aws-azure-login
C:\Users\JGHAL
`-- aws-azure-login@2.1.0

4/24/2020 1:35:39 PM JGHAL ~
> npm list puppeteer
C:\Users\JGHAL
`-- aws-azure-login@2.1.0
  `-- puppeteer@2.1.1

4/24/2020 1:35:56 PM JGHAL ~
> npm config list
; cli configs
metrics-registry = "https://registry.npmjs.org/"
scope = ""
user-agent = "npm/6.14.4 node/v14.0.0 win32 x64"

; userconfig C:\Users\JGHAL\.npmrc
puppeteer_skip_chromium_download = "1"

; builtin config undefined
prefix = "C:\\Users\\JGHAL\\AppData\\Roaming\\npm"

; node bin location = C:\Program Files\nodejs\node.exe
; cwd = C:\Users\JGHAL
; HOME = C:\Users\JGHAL
; "npm config ls -l" to show all defaults.

About this issue

  • State: open
  • Created 4 years ago
  • Comments: 16 (4 by maintainers)

Most upvoted comments

I have an idea of how to handle this and testing it out locally it works. A simple way to handle this is to split out the chromium user data into different directories say by AAD tenant ID. My thoughts are to add an option to enable this as perhaps --chromium-user-data-for-azure-tenant. You would need to supply this on the initial and all subsequent login attempts in order to ensure that the dip into the chromium user data bucket is proper.

An alternative, more stateful approach would be to add a new named profile field that more explicitly enables separate chromium user data for a given named profile (e.g. chromium_data_for_azure_tenant = true).

I had eventually settled on using a Docker container and that was working, but then our org set up the proper AWS SAML/SSO login with AzureAD so we now just use the AWS CLI v2 built-in sso support.

We have been using Clumsy with a 200ms lag to make clicking on cancel easier.

https://jagt.github.io/clumsy/

I think puppeteer has early support for Firefox, which does not have this issue. So there is another option.

Thanks for the tool!

Solution: So everything inside a docker container works like a charm: https://github.com/sportradar/aws-azure-login#docker

Still not sure where Chrome is getting the username from, I’m on a corp VPN so there must be something pre-configuring it.