Plugin does not write to credentials all the profiles that were setup

[policarpo]

Since the new version, 2.3, I no longer see all the profiles I setup on the plugin on my credentials file. It seems to always ignore the first profile I setup.
If for example I add one profile then I only see the default. When I add a new one then I will see default + the second profile I add

[aman-agrawal-coolblue]

I had this problem too. Until the previous version, I had setup a development profile in the plugin which got downloaded into my credentials file (along with the default one). Today, I downloaded a fresh credentials file and I can't see the development profile anymore, only default. To workaround this I have had to add 2 additional profiles, re-download the credentials file and update my config to point to the appropriate profile.

Is there any chance that the default profile IS the development profile?

[prolane]

@policarpo @aman-agrawal-coolblue Does this also happen when you set 'SessionDuration' to 'no' in the option panel?

If so, could any of you share the console output?
Go to Extensions, turn on 'Developer Mode', and then click 'Inspect views background/background.html' for this extension. This will give you a new window with the console open. Try to use the extension and please share whatever output is generated.

I tested at my end with two profiles. Both of them are added to the credentials file, along with the default at the top. I'm wondering if perhaps the additional role you are trying to assume is clashing with the requested SessionDuration from your SAML provider.

[prolane]

Just tested the above described scenario. I.e. where one of the extra roles has a max session duration which is lower than the requested session duration from the SAML provider. The extension will create all the profiles in the credentials file for the roles which where able to be assumed. Just not the profiles which gave an error 'requested DurationSeconds exceeds the MaxSessionDuration set for this role'.

[policarpo]

@prolane sorry hadn't seen your reply. here is screenshot of the error i get

[prolane]

@policarpo Okay thanks. The error shows its indeed the duration of the session what is the issue. The Identity provider you login to (e.g. ADFS, Okta) is requesting a session duration longer than 1 hour. However, the IAM roles you are trying to assume do not allow this.

So either you change the configuration of your Identity provider or you change the settings of you IAM role.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session

Alternatively you can switch off this feature in the Chrome extension by going to the options panel and set the 'SessionDuration' setting to 'no' in order to opt out.

[policarpo]

@prolane FYI, i did get that error when i had already changed the SessionDuration to no.
Not sure if that is intended... but I do see all my profiles then on the credentials file

[prolane]

@policarpo So if I understand you correctly, you have set SessionDuration to no, and it all works for you now (all profiles get valid keys in the credentials file), but you do see the error from your screenshot in the console logs? Did I get that right?

[policarpo]

Nevermind. Apparently i changed it after. Just double checked it