I am trying to get temp credentials for AWS from STS using a SAML request (from ADFS). I have the SAML token, the role ARN and the principal ARN. If I use these to log in using the AWS CLI, they work. But using the same three with the Java SDK gives the following error.
Unable to load AWS credentials from any provider in the chain
Here is the Java code I am using.
AssumeRoleWithSAMLRequest samlreq = new AssumeRoleWithSAMLRequest().withPrincipalArn(principalARN).withRoleArn(roleARN).withSAMLAssertion(SAMLToken);
AWSSecurityTokenServiceClient stsclient = new AWSSecurityTokenServiceClient();
AssumeRoleWithSAMLResult tempcreds = stsclient.assumeRoleWithSAML(samlreq);
Any idea what I am doing wrong or missing?
Here is the stack trace:
Exception in thread "main" com.amazonaws.AmazonClientException: Unable to load AWS credentials from any provider in the chain
    at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1098)
    at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRoleWithSAML(AWSSecurityTokenServiceClient.java:575)
    at App.main(App.java:83)
I finally got it working. I had to add:
BasicAWSCredentials basicCreds = new BasicAWSCredentials("", "");
AWSSecurityTokenServiceClient stsclient = new AWSSecurityTokenServiceClient(basicCreds);
Basically give the sts client a blank set of credentials.
The AWSSecurityTokenServiceClient is deprecated. The following code also works.
BasicAWSCredentials theAWSCredentials = new BasicAWSCredentials("", "");
AWSCredentialsProvider theAWSCredentialsProvider = new AWSStaticCredentialsProvider(theAWSCredentials);
AWSSecurityTokenService theSecurityTokenService = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(theAWSCredentialsProvider).build();
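An added example, not code from either poster: the same exchange end to end with the SDK v1 builder, using `AnonymousAWSCredentials` instead of a blank key pair. AssumeRoleWithSAML is authenticated by the assertion itself and needs no AWS credentials, so anonymous credentials state that intent and keep the request unsigned. The class name, the region and the environment variable names are assumptions.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLResult;
import com.amazonaws.services.securitytoken.model.Credentials;

public class SamlAssumeRole { // hypothetical class name

    // Exchanges a base64-encoded SAML response for temporary session credentials.
    static BasicSessionCredentials assumeWithSaml(String principalArn, String roleArn,
                                                  String samlAssertion, String region) {
        // Supplying credentials explicitly stops the client from walking the default
        // provider chain, which is what threw "Unable to load AWS credentials".
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()))
                .withRegion(region)
                .build();

        AssumeRoleWithSAMLRequest request = new AssumeRoleWithSAMLRequest()
                .withPrincipalArn(principalArn)
                .withRoleArn(roleArn)
                .withSAMLAssertion(samlAssertion)
                .withDurationSeconds(3600); // assumed lifetime; keep it as short as the job allows

        AssumeRoleWithSAMLResult result = sts.assumeRoleWithSAML(request);
        Credentials c = result.getCredentials();

        // Log who was assumed and when the session expires, never the secret material.
        System.out.println("Assumed " + result.getAssumedRoleUser().getArn()
                + ", expires " + c.getExpiration());

        // Session credentials carry a token, so BasicAWSCredentials is not enough here.
        return new BasicSessionCredentials(
                c.getAccessKeyId(), c.getSecretAccessKey(), c.getSessionToken());
    }

    public static void main(String[] args) {
        // Assumed environment variable names; the assertion is the base64 SAMLResponse from ADFS.
        BasicSessionCredentials session = assumeWithSaml(
                System.getenv("PRINCIPAL_ARN"),
                System.getenv("ROLE_ARN"),
                System.getenv("SAML_ASSERTION"),
                "us-east-1"); // assumed region
        System.out.println("Temporary access key id: " + session.getAWSAccessKeyId());
    }
}
```

Pass the returned `BasicSessionCredentials` to other service clients through an `AWSStaticCredentialsProvider`, and request a fresh assertion once the session expires.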