aws-adfs: Errors while attempting to log in from windows 10

I attempted to log in to aws through adfs on windows 10 using this glorious tool but got following error:

Error with verbose:

~ $ aws-adfs -v login --adfs-host=some.adfs.host.com --no-ssl-verification
2018-01-10 10:33:22,544 [html_roles_fetcher html_roles_fetcher.py:fetch_html_encoded_roles] [14344-MainProcess] [4696-MainThread] - DEBUG: Attempt to load authentication cookies into session failed. Re-authentication will be performed. The error: [Errno 2] No such file or directory: 'C:\\Users\\ato05/.aws\\adfs_cookies'
2018-01-10 10:33:22,546 [connectionpool connectionpool.py:_new_conn] [14344-MainProcess] [4696-MainThread] - DEBUG: Starting new HTTPS connection (1): some.adfs.host.com
c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\urllib3\connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
2018-01-10 10:33:22,779 [connectionpool connectionpool.py:_make_request] [14344-MainProcess] [4696-MainThread] - DEBUG: https://some.adfs.host.com:443 "POST /adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices HTTP/1.1" 302 0
c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\urllib3\connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
2018-01-10 10:33:22,821 [connectionpool connectionpool.py:_make_request] [14344-MainProcess] [4696-MainThread] - DEBUG: https://some.adfs.host.com:443 "GET /adfs/ls/wia?loginToRp=urn:amazon:webservices HTTP/1.1" 401 0
Traceback (most recent call last):
  File "C:\Users\ato05\scoop\apps\python\current\scripts\aws-adfs-script.py", line 11, in <module>
    load_entry_point('aws-adfs==0.4.8', 'console_scripts', 'aws-adfs')()
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\click\core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\click\core.py", line 697, in main
    rv = self.invoke(ctx)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\click\core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\click\core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\click\core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\aws_adfs\login.py", line 82, in login
    principal_roles, assertion, aws_session_duration = authenticator.authenticate(config)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\aws_adfs\authenticator.py", line 19, in authenticate
    password=password,
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\aws_adfs\html_roles_fetcher.py", line 76, in fetch_html_encoded_roles
    data=data
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests\sessions.py", line 555, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests\sessions.py", line 508, in request
    resp = self.send(prep, **send_kwargs)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests\sessions.py", line 640, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests\sessions.py", line 640, in <listcomp>
    history = [resp for resp in gen] if allow_redirects else []
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests\sessions.py", line 218, in resolve_redirects
    **adapter_kwargs
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests\sessions.py", line 625, in send
    r = dispatch_hook('response', hooks, r, **kwargs)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests\hooks.py", line 31, in dispatch_hook
    _hook_data = hook(hook_data, **kwargs)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests_negotiate_sspi\requests_negotiate_sspi.py", line 190, in _response_hook
    return self._retry_using_http_Negotiate_auth(r, scheme, kwargs)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\requests_negotiate_sspi\requests_negotiate_sspi.py", line 73, in _retry_using_http_Negotiate_auth
    clientauth = sspi.ClientAuth(scheme, targetspn=targetspn, auth_info=self._auth_info)
  File "c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages\win32\lib\sspi.py", line 111, in __init__
    None, auth_info)
ValueError: year 30828 is out of range

some info:

~ $ [Environment]::OSVersion
Platform ServicePack Version      VersionString
-------- ----------- -------      -------------
Win32NT             10.0.15063.0 Microsoft Windows NT 10.0.15063.0

$ pip --version
pip 9.0.1 from c:\users\ato05\scoop\apps\python\3.6.3\lib\site-packages (python 3.6)

$ python --version
Python 3.6.3

$ aws-adfs --version
0.4.8

$ aws --version
aws-cli/1.14.11 Python/2.7.9 Windows/8 botocore/1.8.15

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 15 (5 by maintainers)

Most upvoted comments

No worries, the docker workaround is suitable for my needs at the moment. Maybe if I get more time I can look into this in more detail.

+2
greensmith on Feb 16, 2018
Read more comments on GitHub
← aws-adfs: Auth and/or connectivity problems with ADFS 2016?
aws-adfs: PyKerberos on MacOS - failure to install →