[英]STS ,SAML and Java SDK Unable to load AWS credentials from any provider in the chain
I am trying to get temp credentials for AWS from STS using a SAML requet(from ADFS). 我正在尝试使用SAML requet(来自ADFS)从STS获取AWS的临时凭证。 I have the SAML token, the role arn and principalARN.
我有SAML令牌,角色arn和principalARN。 If I use this to login using AWS CLI they work.
如果我使用它来使用AWS CLI登录它们就可以了。 But using the same 3 with the Java SDK gives the following error.
但是使用与Java SDK相同的3会产生以下错误。
Unable to load AWS credentials from any provider in the chain
无法从链中的任何提供程序加载AWS凭据
Here is the Java code I am using. 这是我正在使用的Java代码。
AssumeRoleWithSAMLRequest samlreq =new AssumeRoleWithSAMLRequest().withPrincipalArn(principalARN).withRoleArn(roleARN).withSAMLAssertion(SAMLToken);
AWSSecurityTokenServiceClient stsclient = new AWSSecurityTokenServiceClient();
AssumeRoleWithSAMLResult tempcreds=stsclient.assumeRoleWithSAML(samlreq);
Any idea what I am doing wrong or missing? 知道我做错了什么或错过了吗?
Here is the Stack trace: 这是堆栈跟踪:
Exception in thread "main" com.amazonaws.AmazonClientException: Unable to load AWS credentials from any provider in the chain at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117) at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1098) at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRoleWithSAML(AWSSecurityTokenServiceClient.java:575) at App.main(App.java:83)
线程“main”中的异常com.amazonaws.AmazonClientException:无法从com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117)链中的任何提供者加载AWS凭证,地址为com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient .invoke(AWSSecurityTokenServiceClient.java:1098)位于App.main的com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRoleWithSAML(AWSSecurityTokenServiceClient.java:575)(App.java:83)
I got it working finally had to add : 我得到它的工作最后不得不添加:
BasicAWSCredentials basicCreds=new BasicAWSCredentials("", "");
AWSSecurityTokenServiceClient stsclient = new AWSSecurityTokenServiceClient(basicCreds);
Basically give the sts client a blank set of credentials. 基本上给sts客户端一组空白的凭据。
The AWSSecurityTokenServiceClient is deprecated. 不推荐使用AWSSecurityTokenServiceClient。 The following code also works.
以下代码也有效。
BasicAWSCredentials theAWSCredentials= new BasicAWSCredentials("","");
AWSCredentialsProvider theAWSCredentialsProvider = new AWSStaticCredentialsProvider(theAWSCredentials);
AWSSecurityTokenService theSecurityTokenService = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(theAWSCredentialsProvider).build();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.