I'm trying to sign an Amazon STS token request to get temporary access to my S3 account. I've been following the instructions for Signature Version 4 with no luck.
I am constantly getting this message back from Amazon STS.
<Code>IncompleteSignature</Code>
<Message>Request must contain a signature that conforms to AWS standards</Message>
Here is the URL request that I am sending.
https://sts.amazonaws.com/?AWSAccessKeyId=**********&Action=GetFederationToken&DurationSeconds=3600&SignatureMethod=HmacSHA256&SignatureVersion=4&Timestamp=2013-04-23T19:01:00Z&Version=2011-06-15&Signature=2fc3dc902a20a5aa25c3191f2aa6513088e11596082b6a563b00dc5ea4b8bfa0
Following the steps for Signature Version 4, this is how I calculated the signature.
http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
Task 1:
GET\n
/\n
AWSAccessKeyId=<Access Key Removed>&
Action=GetFederationToken&
DurationSeconds=3600&
SignatureMethod=HmacSHA256&
SignatureVersion=4&
Timestamp=2013-04-23T19:01:00Z&
Version=2011-06-15\n
host:sts.amazonaws.com\n
host\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Task 2:
AWS4-HMAC-SHA256\n
20130423T190100Z\n
20130423/us-gov-west-1/sts/aws4_request\n
5e769aeb49a050fd7cd1035122712098fd83220ea42a0d9871f0ff2fa622b1c6
Task 3:
Signature: 2fc3dc902a20a5aa25c3191f2aa6513088e11596082b6a563b00dc5ea4b8bfa0
Any help would be greatly appreciated. I've been working on this with no luck so far. Thanks in advance :)
Just making a note here: I was finally able to get a token by altering my request, in case this will help anyone else who is having the same problem. I was not able to find much help in the documentation, but by continually modifying my request I was finally able to get helpful error messages back from the server. The most important message was the final one, which gives you exactly what the request signature and string to sign should be.
This specifically applies to retrieving a federation token from Amazon Secure Token Service.
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'GET
/
Action=GetFederationToken&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAXXXXXXXXXWIQ%2F20130424%2Fus-east-1%2Fsts%2Faws4_request&X-Amz-Date=20130424T183200Z&X-Amz-SignedHeaders=host%3Bx-amz-date
host:sts.amazonaws.com
x-amz-date:
host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20130424T183200Z
20130424/us-east-1/sts/aws4_request
3eb22aba7f25dd4e01be888added6f74db579bdf0d066d2b1f75779a25b1300d'
And here is the URL that was used.
https://sts.amazonaws.com/?Action=GetFederationToken&Name=Megan&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIXXXXXXXXXXWIQ%2F20130424%2Fus-east-1%2Fsts%2Faws4_request&X-Amz-Date=20130424T183200Z&X-Amz-SignedHeaders=host%3Bx-amz-date&X-Amz-Signature=db754013466768c11a86a610796faad6a041bcad9d83f4c958cac82988d2f7d7
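An added example, not part of the original post: a small Python signer for the query-string form of Signature Version 4 that the working URL above uses, with X-Amz-* parameters in place of the AWSAccessKeyId/SignatureMethod/SignatureVersion/Timestamp/Signature set from the first attempt. The function names are hypothetical, the credentials are constructed placeholders, and as an assumption it signs only the host header rather than host;x-amz-date.

```python
import hashlib
import hmac
from urllib.parse import quote

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # hash of the empty GET body

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret, date, region, service):
    # kSigning = HMAC chain over date, region, service, "aws4_request"
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def canonical_query(params):
    # RFC 3986 encode names and values, then sort by encoded name
    enc = lambda s: quote(str(s), safe="-_.~")
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)

def presign(access_key, secret, amz_date, region, service, host, params):
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    query = {**params,
             "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
             "X-Amz-Credential": f"{access_key}/{scope}",
             "X-Amz-Date": amz_date,
             "X-Amz-SignedHeaders": "host"}  # assumption: only host is signed
    cq = canonical_query(query)  # X-Amz-Signature is never part of this
    canonical_request = "\n".join(
        ["GET", "/", cq, f"host:{host}", "", "host", EMPTY_SHA256])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = signing_key(secret, amz_date[:8], region, service)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    url = f"https://{host}/?{cq}&X-Amz-Signature={signature}"
    return canonical_request, string_to_sign, url

if __name__ == "__main__":
    # Constructed placeholder credentials, not real keys
    cr, sts, url = presign(
        "AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
        "20130424T183200Z", "us-east-1", "sts", "sts.amazonaws.com",
        {"Action": "GetFederationToken", "Name": "Megan", "Version": "2011-06-15"})
    print(cr, sts, url, sep="\n\n")
```

When a request is rejected, comparing the returned canonical request and string-to-sign line by line against the server's error message shows which field diverges.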