Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

While using SSO integrations in different regions starting a new session will fail with: "Session token not found or invalid" #360

Closed
rusowyler opened this issue Nov 16, 2022 · 5 comments
Closed

While using SSO integrations in different regions starting a new session will fail with: "Session token not found or invalid" #360

rusowyler opened this issue Nov 16, 2022 · 5 comments
Labels
bug Something isn't working

Comments

@rusowyler
Copy link
Contributor

Describe the bug
When you have 2 SSO integrations in different regions only sessions of the first integration you use will work. For the second integrations you will always get "Session token not found or invalid".

Leapp Version
Version 0.16.2 (0.16.2)

To Reproduce
Steps to reproduce the behavior:

  1. Create 2 integrations in different regions
  2. Start a session with the first one
  3. Try to start a session with the second one.

Expected behavior
The session should start successfully.

Desktop (please complete the following information):

  • OS: Mac Monterey
  • OS Version 12.5.1
  • Leapp Version 0.16.2 (0.16.2)

Additional context
The problem is in aws-sso-integration-service.ts line 196. When we check if the client exists we don't check if the region changed. If it had, we then use a client with the incorrect region leading to the failure.
Screen Shot 2022-11-16 at 11 09 15

Current code:

    setupSsoPortalClient(region) {
        if (!this.ssoPortal) {
            this.ssoPortal = new sso_1.default({ region });
            this.listAccountRolesCall = new throttle_service_1.ThrottleService((...params) => this.ssoPortal.listAccountRoles(...params).promise(), constants_1.constants.maxSsoTps);
        }
    }

Proposed fix:

    setupSsoPortalClient(region) {
        if (!this.ssoPortal || this.ssoPortal.config.region != region) {
            this.ssoPortal = new sso_1.default({ region });
            this.listAccountRolesCall = new throttle_service_1.ThrottleService((...params) => this.ssoPortal.listAccountRoles(...params).promise(), constants_1.constants.maxSsoTps);
        }
    }

Happy to make a PR if need it! Thanks for the incredible app!
@rusowyler rusowyler added the bug Something isn't working label Nov 16, 2022
@andreacavagna01
Copy link
Contributor

Happy to make a PR if need it! Thanks for the incredible app!

Yes, please! Add the quick fix, and we will check it as soon as possible :)

@andreacavagna01
Copy link
Contributor

Thanks for your contribution and the kind words!

rusowyler added a commit to rusowyler/leapp that referenced this issue Nov 16, 2022
@rusowyler
fix(Noovolari#360): recreates AWS SSO client when the region changes
2cb1903 
This commit fixes the case when the region for AWS SSO changes
and the client isn't aware, leading to the "Session token not found
or invalid" error.

It adds a check to see if the clients' region is different to the
integration one and so recreate the client.

Signed-off-by: Mauricio Wyler <[email protected]>
@urz9999
Copy link
Contributor

urz9999 commented Nov 22, 2022

Will check this shortly and merge it to the codebase, sorry for the late response, and thanks again for the PR! 👍

@rusowyler
Copy link
Contributor Author

Hi @urz9999! Any update on this? Do you need more info on my end?

Thanks again!

urz9999 pushed a commit that referenced this issue Dec 7, 2022
@rusowyler
fix(#360): recreates AWS SSO client when the region changes (#361)
6a08655 
This commit fixes the case when the region for AWS SSO changes
and the client isn't aware, leading to the "Session token not found
or invalid" error.

It adds a check to see if the clients' region is different to the
integration one and so recreate the client.

Signed-off-by: Mauricio Wyler <[email protected]>

Signed-off-by: Mauricio Wyler <[email protected]>
@ericvilla
Copy link
Contributor

We've merged @rusowyler PR and included it in the last v0.17.0 release. The PR solves this issue.
Again, thank you for your contribution @rusowyler! It's very appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rusowyler @urz9999 @ericvilla @andreacavagna01