New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v2] aws sso commands should allow opting out of automatically opening a browser #5301
Comments
Hi @mmerickel, it looks like this request is similar to #5061. If so, I'll link it there and mark it as a duplicate. Thanks! |
I think my ticket was a bit more detailed and is actually about machines that do have a browser versus machines that don't. However the final feature implemented should definitely satisfy both use cases. The referenced issue also does not mention |
@mmerickel This is definitely a reasonable feature request to have something explicit to say "don't open a browser". We went back and forth on whether or not we should open a browser at all, should it be the default, etc. when implementing this initially and opted to try and be smart and always try to open the browser with some fallback text. Because we use
Let me know if that works for you in the interim. |
@joguSD this approach does work perfectly for me. Thank you for that. It appears the code does not know whether it opened the browser or not - if it did then there could be a lot of improved messaging here. |
My organization has multiple proxies and gives us multiple domain accounts for different roles, it's almost never the case that my default browser is either logged into the domain account I need to use for the SSO login or using the proxy to meet source IP CIDR firewall rules. I can't get that ENV variable to work on Windows. I have to wait for the CLI to open my default browser and frantically ESC then CTRL-W and hope I caught it in time, then open my other browser that will work for the login. Even though you have support for using elinks when on a headless connection to a linux machine, I've never seen elinks not fail on cert validation of the SSO login URL. For a while I was having to |
This is an issue for me. For some reason my AV has decided that anytime a browser is launched in WSL it's a 'suspicious behavior'. |
BROWSER=true does not work with the webbrowser Python module on my system. |
Also see #5533. |
BROWSER=/usr/bin/echo is great because it produces the full URL for easy one-step copy and paste to a desktop browser. Thanks for the hint! |
That's super useful - not to figure out what it is for Windows users, we have a few of them and this would be quite useful... |
I would think that just having a real CLI argument like That would work for all platforms. |
I also just tried setting an environment variable
Related: #5058 (comment) Setting |
For Windows: If you have Cygwin installed, the Linux approach works. Cheers, |
Hi, |
I tried the
|
@lmayorga1980 the hack is to use |
I tried the
|
I can confirm that Nevertheless, I still think that adding the |
Any options for a headless(no-browser) environment? |
Any workarounds for this? |
Our use case is to use AWS SSO as our source of auth and assume IAM roles (Permission Sets) for SaaS-based CICD pipeline. |
@dcloud9 I will provide a |
Would you be able to share the |
It would be very useful to have an official flag, just for the sake of following the convention that options/flags are documented (e.g. manpage or The particular pain that this causes for me is that I'm migrating from traditional IAM user access accounts and a new SSO enabled organization accounts. Getting logged out of my IAM session is frustrating. I'm glad I found the |
Would be very valuable to have some "do-not-open" parameter here. My case is that I am using Firefox with "multi account containers" and for practical reasons my SSO-logins are living in a dedicated container. |
@abjoerne I'm using containers and the |
Yes thanks, have been using it. Just added the use-case since it is a workaround and AWS have made assumptions that everyone is using the default browser for logging into AWS SSO. And you have to remember to use it, and tell others... |
Closing this as the PR linked above was merged (#6743) Parameter added here:
|
|
This hack managed to save me, as the sso login page has no logout option, and everytime it automatically opens the browser it's logging in as the wrong user, since it refuses to open the url in the other browser, or aws refuses to give me a logout option so I can change the user. Annoying it's been 3 years now and this isn't in the latest aws-cli version, help text when you use -h |
Is your feature request related to a problem? Please describe.
I'm using a remote shell via SSH to a machine that has a GUI (macOS). When performing
aws configure sso
oraws sso login
it dumps out the url and code to enter into a browser myself. However, the browser has already opened on the remote machine even though I cannot easily access it (nor want to). AWS does not allow me to use the url and code from the console in this scenario to login from my host machine because it was already used by the remote, unseen, browser.Describe the solution you'd like
A CLI flag like
--no-browser
to avoid launching the default browser on the system, allowing me to use the url and code myself manually.Describe alternatives you've considered
A CLI interactive prompt asking whether you'd like to open the default browser. I like this too, and think it should exist before automatically opening another window on my system, but I feel like CLI flags should always exist as well.
The text was updated successfully, but these errors were encountered: