Autofill not filling in Account textbox on aws.amazon.com

I have two different AWS logins. One for dev and one for production. When I try to use 1password to fill in my AWS credentials, it enters the username and password, but doesn't enter the account. How can this be fixed so that the account will be entered?


1Password Version: Not Provided
Extension Version: 1Password 5 Version 5.4.BETA-29 (540029)
OS Version: 10.10.4
Sync Type: Not Provided

Comments

  • Hi @jbaranick,

    Thanks for taking the time to contact us!

    Saving a new login item as described in this article might help:

    How to manually save a Login

    If that doesn't help, could you please let us know the URL of the login page you're using so we can investigate further?

  • jbaranick
    jbaranick
    Community Member

    Hi @JasperP,

    Manually saving the login doesn't fix the issue. 1Password still doesn't populate the Account textbox. The URL is: https://signin.aws.amazon.com/oauth

  • sjk
    sjk
    1Password Alumni

    Hi @jbaranick,

    Thanks for that extra information. Sorry you're still having trouble with this even with a newly-created Login item that Jasper suggested trying.

    Here's the result I get when opening the URL in your reply:

    {"error": "invalid_request","error_description": "Missing required parameter"}

    To reach a three field AWS Sign-in page I can use a URL like this:

    https://tester.signin.aws.amazon.com/console

    That will pre-fill the Account field with tester:

    I have two different AWS logins. One for dev and one for production. When I try to use 1password to fill in my AWS credentials, it enters the username and password, but doesn't enter the account.

    Let's say dev and production are the account names for your two AWS logins. AWS sign-in URLs for those would be:

    https://dev.signin.aws.amazon.com/console
    https://production.signin.aws.amazon.com/console

    Please try changing dev and production to your actual AWS account names, then opening both of those pages and manually saving a new Login item for each of them. If an Account field doesn't pre-populate with your correct account name you can change that before saving an item.

    Let us know if that helps with creating working Login items for both of your AWS accounts. Thanks!

  • leventyalcin
    leventyalcin
    Community Member
    edited December 2015

    Hi @sjk

    I think your suggestion is not a solution, it's a workaround. You sound like "change your habits". So I do not CMD+Alt+\ and search AWS accounts and login because of I have loads of AWS accounts and I'm switching between accounts so often in a day. I do expect that 1pass is filling account field (due to I can see in webform details http://prntscr.com/9c6opt ) too. It is faster, quicker to me.

    I hope it makes sense.

    Thanks,
    Levent.

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @leventyalcin,

    I'm afraid I don't quite understand what you mean, but I wonder if you perhaps misunderstood sjk's message? Are you having any trouble using 1Password to fill your login credentials for different AWS accounts, or is that working correctly for you?

    Your screenshot shows that the web form details in one of your Login items contains data for all 3 fields on an AWS login page - account, username, and password. Based on that, I'm guessing all 3 fields are being filled correctly when you use 1Password to fill the AWS login form - and if so, there's no need to follow sjk's steps to create a working Login item for that site. But if your AWS Login items are not filling all 3 fields properly, sjk's steps should solve that.

    Please let us know if you're having any trouble filling the fields on the AWS login page, and we'll be happy to help you with that. Thanks! :)

  • leventyalcin
    leventyalcin
    Community Member

    Hi @Drew_AG ,

    Could you please add multiple AWS account to 1Pass and logout from one and login to another one?

    This will make the problem clear.

    Thanks

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @leventyalcin,

    I have gone through the steps required to create an AWS Amazon account and then to add two IAM users. The sign-in link Amazon themselves provided was of the form https://xxxxxx.signin.aws.amazon.com/console and I was able to sign in and out of the accounts without observing anything obvious.

    I will happily help but I need a clear description to do so. If I don't know what odd behaviour you're observing and how to replicate it then progress will be extremely difficult.

  • leventyalcin
    leventyalcin
    Community Member

    Hi @littlebobbytables,

    Could you please tell me what steps you're taking to sign-in/out? Please include keystrokes too and I'll write down mine after you . That makes easier to understand each other.

    Thanks,
    L

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @leventyalcin,

    From a clean browser I first sign in using open and fill on one of my IAM user Login items. I know of no other way to reach the proper 3 field login page as otherwise I'm sent to a Sign In or Create an AWS Account page that only allows logging in with the root account (requests an email address and password only).

    I sign out using the menu option in the upper right hand corner and I'm sent to https://aws.amazon.com where due to cookies I now have a Sign In to the Console button. If I click this I'm taken to the 3 field login page with the account number filled. I can then fill using the keyboard shortcut ⌘\ where everything submits as normal and I'm logged into the other IAM user account. I can also click on the website field from the main 1Password window or inside the Login item details bubble in 1Password mini to use open and fill in a new tab. What I can't do is select an existing Login item while on https://aws.amazon.com as 1Password attempts to fill the current page which is a landing page and not the login page.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Just to add, I freely admit I may be missing something. I am not an AWS Amazon user so know little of their service. Part of the time taken in my initial testing was fighting through the registration process and then searching to find out what additional users meant in terms of their service.

  • leventyalcin
    leventyalcin
    Community Member
    edited December 2015

    I hope this time I can explain better.

    The thing is work perfectly as you told.

    My point is sign out moves the page to the same place for every and each account and 1Password can find and list accounts when you hit CMD+\, but can't fill the account name field. And making another two keystroke and seeing the AWS console on new tab makes me sick.

    This is my browser when I'm working in a normal http://prntscr.com/9h5zf3 and I always keep monitoring stuff at 1st tab, AWS at 2nd, and few things after. I always know CMD+2 opens AWS console on the browser, but If I sign out, 1Pass opens AWS console on a new tab, I have to close 2nd tab, and then I have to move last tab to 2nd place, and there was extra keystrokes I've told.

    I hope I could make it clear.

    @littlebobbytables

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Greetings @leventyalcin,

    So to clarify, is this issue only present if you have multiple root AWS accounts (or whatever the term is) and then on top of that you have multiple IAM accounts belonging to these different AWS accounts?

    I duplicated one of my IAM accounts and tweaked the account number to simulate am IAM account for a different AWS account.

    1. I logged into one of my real IAM accounts.
    2. I logged out which sends me back to https://aws.amazon.com
    3. I click the Sign In to the Console button to get sent to the IAM login page with three fields.
    4. I used ⌘\ and selected my pretend IAM Login item.

    Doing this caused all three fields to fill with the correct values and the previous account number was replaced with the account number for the Login item I'm trying to fill with.

    The keyboard shortcut ⌘\ will only attempt to fill on the open page. If you're trying to fill before you click the Sign In to the Console button that won't work. You could change 1Password mini's open and fill behaviour from Open URLs in New Tab to Open URLs in Current Tab but that would affect all uses of it, not just here. That setting is configurable by opening 1Password mini and clicking the cog icon in the top right hand corner and it's the sub menu right above the Quit 1Password mini option.

    I'm still not convinced I understand what the expected behaviour is though so it may be worth explaining it step by step like I did above. After you log out of one IAM account and you're returned to https://aws.amazon.com, what precisely are you doing and how do you expect 1Password to behave?

  • leventyalcin
    leventyalcin
    Community Member

    @littlebobbytables

    I duplicated one of my IAM accounts and tweaked the account number to simulate am IAM account for a different AWS account.

    Duplicating an account is not the same thing. First of all, you will have the same sign in URL. Creating AWS accounts are free and you can create as much as you want.

    Doing this caused all three fields to fill with the correct values and the previous account number was replaced with the account number for the Login item I'm trying to fill with.

    1Pass behaves differently when you have different sign in URLs

    You could change 1Password mini's open and fill behaviour from Open URLs in New Tab to Open URLs in Current Tab but that would affect all uses of it, not just here.

    Changing any setting globally for a particular thing is not a good idea.

    I can record a screencast for it if you'd like but I don't want to share account IDs and names I have publicly and that means I have to create dummy ones for this which is you can do by yourself.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @leventyalcin,

    I altered both the URL and the web form details when I duplicated the Login item and altered the account number. My duplicate item contained no reference to the actual AWS account that I created. The URL stored wouldn't make a difference though as I was using the keyboard shortcut ⌘\ to fill the current page rather than using open and fill.

    How would you feel about sending us a recording of what you're observing to our ticketing system? As I've said, everything I try results in what seems like reasonable behaviour but I'm still far from convinced I know what it is I'm meant to be looking for. Our ticketing system is private and what we use if an issue is complex or requires anything remotely sensitive .e.g a diagnostic report for example. If that sounds reasonable to you then the email address to use is support+forum@agilebits.com and if you could mark the ticket FAO: LittleBobbyTables that will help ensure whoever sees it first will notify me that you've contacted us.

  • leventyalcin
    leventyalcin
    Community Member

    Well, This is the last e-mail I've got from support team and it works for me. I hope it helps to you @jbaranick

    Hi Levent,

    Well I'm extremely confident that we've discovered the cause then. There are two filling approaches we use. One uses the web form details section but will only do so if the 'fingerprint' of the login page matches the stored fingerprint in the Login item. It isn't the full view of it but the web form details section is an indicator of what we store there. If the fields on the login page don't match then we fall back to a more conservative approach which attempts to fill in the visible username and password only. As the IAM login page is a three field form it means we need the fill by HTML attribute to be used. My working Login items do not have a website field (or a checkbox for MFA) so I strongly believe the reason your IAM Login items aren't working is these fields in the web form details section is causing 1Password to use the more basic filling approach that would only fill the username and password field.

    I would recommend the following for each IAM Login item.

    1. For each Login item, visit the dedicated signin URL that Amazon provided, the ones in the form of https://xxxxxxxxx.signin.aws.amazon.com/console
    2. Fill in the three fields.
    3. Manually save a new Login item, the steps for this can be found at https://support.1password.com/save-login-manually/

    This new item should have only the following fields in its web form details section

    account
    username
    password
    mfacode
    next_mfacode

    I believe you will find these new Login items behave better. The reason "open and fill" was working was the dedicated signin URL populated the account field for you and the fill by HTML designation filled the other two. Using just the standard fill command though when jumping between accounts wouldn't work because nothing was altering the account field. The new Login items will correctly fill the account field. It might be Amazon have changed the login page at some point and if they did that could explain why these items aren't working.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Greetings @leventyalcin,

    I'm glad to hear we managed to resolve the issue :smile:

This discussion has been closed.