4

I am trying to get temp credentials for AWS from STS using a SAML request (from ADFS). I have the SAML token, the role ARN and principalARN. If I use these to log in using the AWS CLI, they work. But using the same 3 with the Java SDK gives the following error.

Unable to load AWS credentials from any provider in the chain

Here is the Java code I am using.

    AssumeRoleWithSAMLRequest samlreq = new AssumeRoleWithSAMLRequest()
            .withPrincipalArn(principalARN)
            .withRoleArn(roleARN)
            .withSAMLAssertion(SAMLToken);
    AWSSecurityTokenServiceClient stsclient = new AWSSecurityTokenServiceClient();
    AssumeRoleWithSAMLResult tempcreds = stsclient.assumeRoleWithSAML(samlreq);

Any idea what I am doing wrong or missing?

Here is the Stack trace:

    Exception in thread "main" com.amazonaws.AmazonClientException: Unable to load AWS credentials from any provider in the chain
        at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117)
        at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1098)
        at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRoleWithSAML(AWSSecurityTokenServiceClient.java:575)
        at App.main(App.java:83)

2
  • Can you include the exact stack trace you are seeing? Commented Apr 13, 2016 at 17:28
  • I have added the stack trace in the question. Commented Apr 14, 2016 at 14:56

2 Answers

6

I got it working finally; I had to add:

    BasicAWSCredentials basicCreds = new BasicAWSCredentials("", "");
    AWSSecurityTokenServiceClient stsclient = new AWSSecurityTokenServiceClient(basicCreds);

Basically give the sts client a blank set of credentials.

1 Comment

Same issue and fix for .NET SDK.

1

The AWSSecurityTokenServiceClient is deprecated. The following code also works.

    BasicAWSCredentials theAWSCredentials = new BasicAWSCredentials("", "");
    AWSCredentialsProvider theAWSCredentialsProvider = new AWSStaticCredentialsProvider(theAWSCredentials);
    AWSSecurityTokenService theSecurityTokenService = AWSSecurityTokenServiceClientBuilder.standard()
            .withCredentials(theAWSCredentialsProvider)
            .build();

2 Comments

AWSBasicCredentials on AWS-SDK-JAVA-V2.
java.lang.NullPointerException: Access key ID cannot be blank.... you would be better off just using the AnonymousCredentialsProvider, i.e: cognitoIdentityBuilder.region(AWSREGION).credentialsProvider(AnonymousCredentialsProvider.create());
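
An added example, not code from either answer or its comments: the same AssumeRoleWithSAML call with the SDK v1 classes used on this page, but with `AnonymousAWSCredentials` in place of a blank key pair, so the provider chain is never consulted and the request is sent unsigned. The region `us-east-1`, the class name and the environment variable names `PRINCIPAL_ARN`, `ROLE_ARN` and `SAML_ASSERTION` are assumptions.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLResult;
import com.amazonaws.services.securitytoken.model.Credentials;

public class SamlAssumeRoleExample {
    // AssumeRoleWithSAML is authorized by the assertion, not by an AWS key pair,
    // so the client gets anonymous credentials and the SDK sends the call unsigned.
    static AWSSecurityTokenService unsignedStsClient(String region) {
        return AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(region)
                .withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()))
                .build();
    }

    static AssumeRoleWithSAMLResult assumeRole(AWSSecurityTokenService sts, String principalArn,
                                               String roleArn, String samlAssertionBase64) {
        return sts.assumeRoleWithSAML(new AssumeRoleWithSAMLRequest()
                .withPrincipalArn(principalArn)
                .withRoleArn(roleArn)
                .withSAMLAssertion(samlAssertionBase64)); // base64 SAMLResponse from the IdP
    }

    // Read a required input; the variable names used in main() are assumptions.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        AWSSecurityTokenService sts = unsignedStsClient("us-east-1"); // assumed region
        AssumeRoleWithSAMLResult result = assumeRole(sts, requireEnv("PRINCIPAL_ARN"),
                requireEnv("ROLE_ARN"), requireEnv("SAML_ASSERTION"));
        Credentials c = result.getCredentials();
        // Session credentials for other service clients, via AWSStaticCredentialsProvider.
        BasicSessionCredentials session = new BasicSessionCredentials(
                c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken());
        // Log only non-secret fields: who was assumed and when the session expires.
        System.out.println("Assumed " + result.getAssumedRoleUser().getArn()
                + " with key " + session.getAWSAccessKeyId() + ", expires " + c.getExpiration());
    }
}
```

The returned secret access key and session token are bearer credentials until the expiration time, so keep them out of logs and pass them to other clients only through a credentials provider.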
