No OpenIDConnect provider found in your account


Hi,

I am trying to setup integration with Azure but am receiving the following error:

```xml
<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <Error>
    <Type>Sender</Type>
    <Code>InvalidIdentityToken</Code>
    <Message>No OpenIDConnect provider found in your account for https://login.microsoftonline.com/<REMOVED_FOR_FORUM_POST>/v2.0/</Message>
  </Error>
  <RequestId>82858d99-0a97-11e8-9deb-e557727bf59c</RequestId>
</ErrorResponse>
```

I am just making a simple cURL call:

```shell
# Placeholders as posted: <MY_TENANT_ID> is the account part of the role ARN
# (an IAM role ARN carries the 12-digit AWS account ID that owns the role),
# <THE_TOKEN_PROVIDED> is the ID token issued by Azure.
curl "https://sts.amazonaws.com/?Action=AssumeRoleWithWebIdentity&DurationSeconds=3600&RoleSessionName=app1&RoleArn=arn:aws:iam::<MY_TENANT_ID>:role/AWS-TEST-OIDC-AZURE&WebIdentityToken=<THE_TOKEN_PROVIDED>&Version=2011-06-15"
```
  
I have followed the instructions posted at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html (and the pages surrounding it).

The OIDC provider is correctly set up, the role is correctly set up, and the role is correctly defined.

See also Request ID 5e2a5284-0aaa-11e8-8b03-53c6fa7390a4, which is with an alternate config but still does not work.
  
Edited by: devrandom on Feb 5, 2018 7:29 PM
asked 5 years ago · 1982 views
1 Answer

I had the same problem and it was difficult to troubleshoot. My problem appears to have been leaving a trailing slash in the OIDC provider URL as part of the identity provider setup.

not working: https://provider.com/endpoint/
working: https://provider.com/endpoint

Changing the trust policy to include the trailing slash did not fix the issue either - the only way I could solve this issue was to delete the OIDC provider and re-create it without the trailing slash.

The exact error message I was seeing:

```text
InvalidIdentityTokenException: An error occurred (InvalidIdentityToken) when calling the AssumeRoleWithWebIdentity operation: No OpenIDConnect provider found in your account for <provider>
```

The hint was the error message did not display the trailing slash no matter what was in the trust policy.

answered 5 years ago
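STS resolves the provider from the token's `iss` claim, and IAM names the provider by that URL with the scheme stripped (`arn:aws:iam::<account>:oidc-provider/<host>[/<path>]`), so the registered URL has to match the claim exactly, trailing slash included. The script below is an added example, not code from the question or the answer: it decodes the `iss` claim from a JWT without verifying it (inspection only, never use this path to trust a token), derives the provider ARN STS will look for, and compares that against the ARNs configured in the account, flagging the trailing-slash-only mismatch described in the answer. The account ID, tenant ID and the unsigned sample token are constructed placeholders.

```python
import base64
import json
from typing import Dict, Sequence
from urllib.parse import urlsplit

# Constructed placeholders (not real values): an Azure AD v2.0-style issuer with a
# trailing slash, as in the question's error message, and a dummy account ID.
SAMPLE_ISS = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/"
SAMPLE_ACCOUNT = "123456789012"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Build a header.payload.signature JWT with an empty signature.
    Only for constructing offline test input; STS would reject it."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def token_issuer(token: str) -> str:
    """Read the iss claim of a JWT without verifying it (troubleshooting only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]


def provider_arn_for_issuer(account_id: str, issuer: str) -> str:
    """IAM OIDC provider ARN for an issuer URL: scheme dropped, host and path
    kept verbatim, so 'v2.0' and 'v2.0/' yield two different ARNs."""
    parts = urlsplit(issuer)
    return f"arn:aws:iam::{account_id}:oidc-provider/{parts.netloc}{parts.path}"


def diagnose(token: str, account_id: str, configured_provider_arns: Sequence[str]) -> Dict[str, str]:
    """Compare the token's issuer with the providers configured in the account.
    status is 'match', 'trailing_slash_mismatch' (the provider differs from the
    issuer only by a trailing slash, the failure mode in the answer above), or
    'not_found'."""
    iss = token_issuer(token)
    wanted = provider_arn_for_issuer(account_id, iss)
    result = {"issuer": iss, "expected_arn": wanted}
    if wanted in configured_provider_arns:
        result["status"] = "match"
        return result
    for arn in configured_provider_arns:
        if arn.rstrip("/") == wanted.rstrip("/"):
            result["status"] = "trailing_slash_mismatch"
            result["configured_arn"] = arn
            return result
    result["status"] = "not_found"
    return result


if __name__ == "__main__":
    # Constructed scenario: provider registered without the slash, token issued with it.
    token = make_unsigned_token({"iss": SAMPLE_ISS, "aud": "app1"})
    registered = [provider_arn_for_issuer(SAMPLE_ACCOUNT, SAMPLE_ISS.rstrip("/"))]
    print(json.dumps(diagnose(token, SAMPLE_ACCOUNT, registered), indent=2))
```

In practice the `configured_provider_arns` list comes from `aws iam list-open-id-connect-providers`; when the status is `trailing_slash_mismatch`, the fix is the one the answer gives (recreate the provider with the URL that matches `iss` exactly), since the trust policy's `Condition` block is evaluated only after the provider lookup succeeds.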
