From b23c2b40c93cc10d4601651d251e2bc9d4f8ba8c Mon Sep 17 00:00:00 2001
From: cthrasher
Date: Mon, 21 Oct 2019 16:18:51 -0400
Subject: [PATCH 1/2] Update script.js
---
 background/script.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/background/script.js b/background/script.js
index cbf6fcb..a4da91e 100644
--- a/background/script.js
+++ b/background/script.js
@@ -36,7 +36,7 @@ function addOnBeforeRequestEventListener() {
 } else {
 chrome.webRequest.onBeforeRequest.addListener(
 onBeforeRequestEvent,
- {urls: ["https://signin.aws.amazon.com/saml"]},
+ {urls: ["https://signin.aws.amazon.com/saml","https://signin.amazonaws-us-gov.com/saml"]},
 ["requestBody"]
 );
 if (DebugLogs) console.log('DEBUG: onBeforeRequest Listener added');
@@ -150,9 +150,9 @@ function onBeforeRequestEvent(details) {
 // from this argument and uses it to call the AWS STS assumeRoleWithSAML API.
 function extractPrincipalPlusRoleAndAssumeRole(samlattribute, SAMLAssertion, SessionDuration) {
 // Pattern for Role
- var reRole = /arn:aws:iam:[^:]*:[0-9]+:role\/[^,]+/i;
+ var reRole = /arn:(aws|aws-us-gov):iam:[^:]*:[0-9]+:role\/[^,]+/i;
 // Patern for Principal (SAML Provider)
- var rePrincipal = /arn:aws:iam:[^:]*:[0-9]+:saml-provider\/[^,]+/i;
+ var rePrincipal = /arn:(aws|aws-us-gov):iam:[^:]*:[0-9]+:saml-provider\/[^,]+/i;
 // Extraxt both regex patterns from SAMLAssertion attribute
 RoleArn = samlattribute.match(reRole)[0];
 PrincipalArn = samlattribute.match(rePrincipal)[0];
From b920887d4b8ff787ee3fd45ba3f9feaa1629e232 Mon Sep 17 00:00:00 2001
From: cthrasher
Date: Tue, 22 Oct 2019 12:30:17 -0400
Subject: [PATCH 2/2] Update script.js
Adding wildcard before 'signin' in 'urls' to accommodate possibility of SAML URL including the region (as witnessed via a SAML tracer add-on).
---
 background/script.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/background/script.js b/background/script.js
index a4da91e..e588309 100644
--- a/background/script.js
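Review bot: The new `https://signin.amazonaws-us-gov.com/saml` entry in the `urls` filter only takes effect if the extension also holds host permission for that origin, and the diffstat shows this commit touching `background/script.js` alone. A webRequest listener is not called for URLs the extension has no host permission for, so if the manifest still lists only the commercial sign-in host, the GovCloud POST would pass through without being seen. Worth confirming that the manifest's permissions include the GovCloud origin and that it is listed as narrowly as the existing one. The enclosing function starts and ends outside the hunk.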
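Review bot: The partition accepted by the widened `reRole` and `rePrincipal` patterns is not used anywhere in the visible lines, so a role matched as `arn:aws-us-gov:...` may still be sent to whatever STS endpoint the rest of `extractPrincipalPlusRoleAndAssumeRole` configures. The function body continues outside the hunk, so this needs confirming there. GovCloud roles have to be assumed against a GovCloud STS region, so the client's region would need to be chosen from the matched partition. As a smaller style point, `(aws|aws-us-gov)` adds a capture group that nothing reads; `(?:aws|aws-us-gov)` leaves `match(...)[0]` unchanged and states the intent.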
+++ b/background/script.js
@@ -36,7 +36,7 @@ function addOnBeforeRequestEventListener() {
 } else {
 chrome.webRequest.onBeforeRequest.addListener(
 onBeforeRequestEvent,
- {urls: ["https://signin.aws.amazon.com/saml","https://signin.amazonaws-us-gov.com/saml"]},
+ {urls: ["https://*signin.aws.amazon.com/saml","https://*signin.amazonaws-us-gov.com/saml"]},
 ["requestBody"]
 );
 if (DebugLogs) console.log('DEBUG: onBeforeRequest Listener added');
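Review bot: `https://*signin.aws.amazon.com/saml` is not a host form the extension match-pattern syntax allows: a host wildcard must be the whole host or a leading `*.` label. Both new `urls` entries are therefore likely to be rejected when `addListener` runs, which would leave the listener unregistered for every endpoint, including the original one. `*.signin.aws.amazon.com` matches the bare host as well as regional subdomains like the one the description mentions, so the filter can be `{urls: ["https://*.signin.aws.amazon.com/saml", "https://*.signin.amazonaws-us-gov.com/saml"]}`. Even where a browser tolerated the glued wildcard, it would also match any host whose name merely ends in `signin.aws.amazon.com`, which is broader than intended for a listener that requests `requestBody`. The enclosing function starts and ends outside the hunk.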