Additional split on SAMLResponse split

[stephanpieterse]

---

name: Extra split to remove additional SAML Response Data
about: PR to address special case for some providers
title: ''
labels: ''
assignees: ''

---

Describe the bug
Some providers add additional information in the SAML Response and this appears to be randomly ordered, causing intermittent issues with validation.
Example:
SAMLResponse=dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6.........UmVzcG9uc2U+&RelayState=https://console.aws.amazon.com
In this case RelayState is being included and AWS to base64decode it, which is not succesful, and causes
InvalidIdentityToken: Invalid base64 SAMLResponse (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlInvalidSamlResponseException;

To Reproduce
Steps to reproduce the behavior:

1. Use the tool such as aws-cli-auth saml -v -d 3600 -p https://foo.example.com --role arn:aws:iam::xxx:role/xxx --principal arn:aws:iam::xxx:saml-provider/xxx -s --cfg-section nonprod
2. Log in using the correct credentials
3. Authentication completes successfully
4. See error

Expected behavior
User able to login with correct credentials.

Screenshots
n/a

Desktop (please complete the following information):

• OS: Windows / Linux
• Browser: Chrome
• Version: all

Additional context
n/a

[dnitsch]

ah sorry @stephanpieterse - totally missed this

[dnitsch]

I can merge this in now - though will need to bypass the require signed commits policy, since I have not come back to this in a while I realise it's probably not on your active watchlist.