Failed to connect. (OSError('Tunnel connection failed: 403 Tunnel or SSL Forbidden'))

[zmanhogmail]

Hello,
I am using a windows2019 server to access the AWS, but it returned (OSError('Tunnel connection failed: 403 Tunnel or SSL Forbidden'))

here is the log. would you please help to check? And i have 2 questions:

1. I would like to confirm the aws-adfs is using proxy to connect to the aws. (i have tested my server is able to access the proxy server)
2. my adfs-host is correct? "http://adfsu.ccbb.hk/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices"

C:\Users\user1>aws-adfs login --profile my-adfs-profile --adfs-host "http://adfsu.ccbb.hk/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices" --no-ssl-verification
Traceback (most recent call last):
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\connectionpool.py", line 775, in urlopen
self._prepare_proxy(conn)
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\connectionpool.py", line 1044, in _prepare_proxy
conn.connect()
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\connection.py", line 710, in connect
self._tunnel()
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\http\client.py", line 979, in _tunnel
raise OSError(f"Tunnel connection failed: {code} {message.strip()}")
OSError: Tunnel connection failed: 403 Tunnel or SSL Forbidden

The above exception was the direct cause of the following exception:

urllib3.exceptions.ProxyError: ('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Tunnel or SSL Forbidden'))

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\adapters.py", line 667, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\connectionpool.py", line 843, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\util\retry.py", line 519, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /adfsu.ccbb.hk/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices (Caused by ProxyError('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Tunnel or SSL Forbidden')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "", line 198, in _run_module_as_main
File "", line 88, in run_code
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Scripts\aws-adfs.exe_main.py", line 7, in
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 1157, in call
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 1078, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 1688, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 1434, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 783, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\aws_adfs\login.py", line 225, in login
principal_roles, assertion, aws_session_duration = authenticator.authenticate(config, assertfile=assertfile)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\aws_adfs\authenticator.py", line 19, in authenticate
response, session = html_roles_fetcher.fetch_html_encoded_roles(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\aws_adfs\html_roles_fetcher.py", line 103, in fetch_html_encoded_roles
response = session.post(
^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\sessions.py", line 637, in post
return self.request("POST", url, data=data, json=json, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\adapters.py", line 694, in send
raise ProxyError(e, request=request)
requests.exceptions.ProxyError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /adfsu.ccbb.hk/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices (Caused by ProxyError('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Tunnel or SSL Forbidden')))

C:\Users\user1>aws-adfs login --profile my-adfs-profile --adfs-host "http://adfsu.ccbb.hk/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices"
Traceback (most recent call last):
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\connectionpool.py", line 775, in urlopen
self._prepare_proxy(conn)
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\connectionpool.py", line 1044, in _prepare_proxy
conn.connect()
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\connection.py", line 710, in connect
self._tunnel()
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\http\client.py", line 979, in _tunnel
raise OSError(f"Tunnel connection failed: {code} {message.strip()}")
OSError: Tunnel connection failed: 403 Tunnel or SSL Forbidden

The above exception was the direct cause of the following exception:

urllib3.exceptions.ProxyError: ('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Tunnel or SSL Forbidden'))

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\adapters.py", line 667, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\connectionpool.py", line 843, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\urllib3\util\retry.py", line 519, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /adfsu.ccbb.hk/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices (Caused by ProxyError('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Tunnel or SSL Forbidden')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "", line 198, in _run_module_as_main
File "", line 88, in run_code
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Scripts\aws-adfs.exe_main.py", line 7, in
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 1157, in call
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 1078, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 1688, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 1434, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\click\core.py", line 783, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\aws_adfs\login.py", line 225, in login
principal_roles, assertion, aws_session_duration = authenticator.authenticate(config, assertfile=assertfile)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\aws_adfs\authenticator.py", line 19, in authenticate
response, session = html_roles_fetcher.fetch_html_encoded_roles(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\aws_adfs\html_roles_fetcher.py", line 103, in fetch_html_encoded_roles
response = session.post(
^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\sessions.py", line 637, in post
return self.request("POST", url, data=data, json=json, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\user1\AppData\Local\Programs\Python\Python312\Lib\site-packages\requests\adapters.py", line 694, in send
raise ProxyError(e, request=request)
requests.exceptions.ProxyError: HTTPSConnectionPool(host='http', port=443): Max retries exceeded with url: /adfsu.ccbb.hk/adfs/ls/idpinitiatedsignon.htm?loginToRp=urn:amazon:webservices/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices (Caused by ProxyError('Unable to connect to proxy', OSError('Tunnel connection failed: 403 Tunnel or SSL Forbidden')))

[mattmauriello]

May be too late to help, but the adfs-host parameter is expecting a host, not a url
try with:
--adfs-host "adfsu.ccbb.hk"

[zmanhogmail]

Thank you so much for your reply, I am using saml for my case now. Cheers Yours, manho

…

On Wed, 23 Oct 2024 at 02:26, mattmauriello ***@***.***> wrote: May be too late to help, but the adfs-host parameter is expecting a host, not a url try with: --adfs-host "adfsu.ccbb.hk" — Reply to this email directly, view it on GitHub <#437 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A3TKBD2RSCDOBK5COXUE2YDZ42KGTAVCNFSM6AAAAABORDZSASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRZHE3DIMJWGI> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>