Reputation: 603
We need to authenticate against AWS through AD, and after that use the provided access_key_id and secret_key to log in and get data from a bucket.
We're using a tool, aws-adfs: when I log in with this tool
aws-adfs login --adfs-host=adfs.ccta.dk --region=eu-west-1
I get
Prepared ADFS configuration as follows:
* AWS CLI profile : 'default'
* AWS region : 'eu-west-1'
* Output format : 'json'
* SSL verification of ADFS Server : 'ENABLED'
* Selected role_arn : 'arn:aws:iam::xxxxxxxxxxxx:role/system/AWS-IAM-User-Dev'
* ADFS Server : 'adfs.myhost.dk'
* ADFS Session Duration in seconds : '3600'
* Provider ID : 'urn:amazon:webservices'
* S3 Signature Version : 'None'
* STS Session Duration in seconds : '3600'
This will create or rewrite my credentials file, which is located in ~/.aws/credentials, where the access_id and the secret_key are written.
Now if I take those keys and try to log in with S3Browser, WinSCP or NiFi I get this error:
The AWS Access Key Id you provided does not exist in our records.
Extra Details: AWSAccessKeyId: ASIAYDAE4M4FUVMMVDOS, RequestId:878A7AE9A92E944C, HostId:10gy1wLA3BO3mc2PFPpn75IC6XbdhLKsANQzHC6UGwZU/xpM3o5foeFO0E+8vNMQVeCSkrtUUjY=
The admin of the AWS account belongs to a client we should poll data from, so we have not configured it.
If I just log in with adfs and list files from my bucket using awscli, it works fine.
aws s3 ls s3://bucketname
Upvotes: 1
Views: 538
Reputation: 603
I managed to find out that when using STS (Security Token Service), it is not enough to just use access_key_id and secret_key. You also need to provide session_token and security_token.
Upvotes: 1
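As an added example that is not part of the question or the answer above: a small Python check over a ~/.aws/credentials-style file that catches the exact mistake described in this thread. STS-issued temporary credentials carry an access key ID beginning with "ASIA" (long-lived IAM user keys begin with "AKIA"), and a profile holding an ASIA key without an aws_session_token will be rejected by S3 with "The AWS Access Key Id you provided does not exist in our records". The credentials file content, profile names and key values below are constructed for the example and are not real credentials; the helper names are this example's own.

```python
"""Validate AWS credential profiles written by an STS/ADFS login.

Temporary (STS) credentials are a triple: access key ID, secret access
key AND session token.  Copying only the first two into another tool
reproduces the InvalidAccessKeyId error from the thread above.
"""
import configparser

# Constructed sample of ~/.aws/credentials (fake values, illustrative only).
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = ASIAEXAMPLEEXAMPLE12
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[longlived]
aws_access_key_id = AKIAEXAMPLEEXAMPLE12
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[complete]
aws_access_key_id = ASIAEXAMPLEEXAMPLE12
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = FwoGZXIvYXdzEBYaDEXAMPLESESSIONTOKEN
"""

TEMPORARY_PREFIX = "ASIA"  # access key IDs issued by STS (temporary credentials)
LONG_TERM_PREFIX = "AKIA"  # access key IDs of long-lived IAM user keys


def parse_credentials(text):
    """Parse credentials-file text into {profile_name: {option: value}}."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def check_profile(profile):
    """Return a list of problems with one profile (empty list means usable)."""
    problems = []
    key_id = profile.get("aws_access_key_id", "")
    if not key_id:
        problems.append("missing aws_access_key_id")
    if not profile.get("aws_secret_access_key"):
        problems.append("missing aws_secret_access_key")
    if key_id.startswith(TEMPORARY_PREFIX) and not profile.get("aws_session_token"):
        # This is the thread's failure mode: STS key copied without its token.
        problems.append(
            "temporary (ASIA...) access key has no aws_session_token; "
            "S3 will answer 'The AWS Access Key Id you provided does not exist'"
        )
    if key_id and not key_id.startswith((TEMPORARY_PREFIX, LONG_TERM_PREFIX)):
        problems.append("unrecognised access key ID prefix: %s" % key_id[:4])
    return problems


def to_env(profile):
    """Build the environment variables another tool needs from a profile.

    AWS_SESSION_TOKEN is emitted only when the profile carries a token, so
    the result is correct for both long-lived and temporary credentials.
    """
    env = {
        "AWS_ACCESS_KEY_ID": profile["aws_access_key_id"],
        "AWS_SECRET_ACCESS_KEY": profile["aws_secret_access_key"],
    }
    if profile.get("aws_session_token"):
        env["AWS_SESSION_TOKEN"] = profile["aws_session_token"]
    return env


def report(text):
    """Check every profile in the given credentials text; returns {name: problems}."""
    return {name: check_profile(p) for name, p in parse_credentials(text).items()}


if __name__ == "__main__":
    for name, problems in report(SAMPLE_CREDENTIALS).items():
        status = "OK" if not problems else "; ".join(problems)
        print("[%s] %s" % (name, status))
```

Run it against a real file by replacing SAMPLE_CREDENTIALS with the contents of ~/.aws/credentials after an aws-adfs login. Any tool that is fed the profile must receive all three values; if it only offers environment variables, export the mapping that to_env returns, and if it offers GUI fields, the session token field cannot be left empty for an ASIA key.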