Issues after moving to Microsoft Entra based SSO Federated logon #6094

@wbrco

Describe the bug
My company has recently moved the AWS SSO Federated login (I have access to 3 different accounts) from the AWS based method to one based on Microsoft Entra.

Since then I have to take several steps to get the plugin to authenticate. My config and credentials files are set up correctly. I can successfully log in via the CLI using the aws sso login --profile . The SSO web page opens and I'm able to log in successfully with my user/pass and authenticator token.

Eventually, I end up having to delete the json files in .aws/sso/cache to get the plugin to authenticate. Note that I'm also using Q Developer, but it seems to be OK and allows me to re-authenticate when that session times out.

I also get a plugin Runtime exception error when I launch the IDE. (Stacktrace below).

To reproduce
What my profiles look like before attempting to authenticate:
Image

However, when I click on Add IAM Credentials there are no profiles available in the drop down list:

Image

Or sometimes, depending on the profile I'll see:

Image

Clicking on the "Add Another Connection" brings up the "Choose a sign-in option:", and I'm able to use the Workforce button to sign in, but this creates a new profile/sso session in config and another entry in config. Of course, when that session times out, I have to follow the same process, and end up having several dead profiles.

Note - Prior to this, I did reach out to the group that manages our SSO/AWS Federated login configuration, and was told that if it works via CLI then there's no problem on their end. Also, it seems I'm the only person that uses the plugin - by the nature of what my department does, we do much of our own AWS management.

Expected behavior
Be able to log in via the same process as if we were still using the AWS based SSO mechanism.

Screenshots
Embedded above

Your Environment

  • OS: Debian Trixie
  • JetBrains product: IntelliJ, WebStorm, DataGrip
  • JetBrains product version: IntelliJ - 2025.2.4, WebStorm 2025.2.4, DataGrip 2025.2.4
  • AWS Toolkit version: Toolkit/Core - 3.97.252, Amazon Q 3.97.252
  • SAM CLI version: 1.145.2
  • AWS CLI version: aws-cli/2.29.0 Python/3.13.7 Linux/6.12.48+deb13-amd64 exe/x86_64.debian.13
  • JVM/Python version: Intellij default - 21.0.8+9-1038.73-jcef

Additional context
Plugin error Stacktrace
java.lang.RuntimeException: Configure AWS Connection
    at software.aws.toolkits.jetbrains.core.execution.AwsConnectionRunConfigurationExtension.getConnection(AwsConnectionExtension.kt:99)
    at software.aws.toolkits.jetbrains.core.execution.AwsConnectionRunConfigurationExtension.validateConfiguration(AwsConnectionExtension.kt:73)
    at software.aws.toolkits.jetbrains.core.execution.JavaAwsConnectionExtension.validateConfiguration(JavaAwsConnectionExtension.kt:56)
    at com.intellij.execution.configuration.RunConfigurationExtensionsManager.validateConfiguration(RunConfigurationExtensionsManager.kt:160)
    at com.intellij.execution.JavaRunConfigurationExtensionManager$Companion.checkConfigurationIsValid(JavaRunConfigurationExtensionManager.kt:31)
    at com.intellij.execution.JavaRunConfigurationExtensionManager.checkConfigurationIsValid(JavaRunConfigurationExtensionManager.kt)
    at com.intellij.spring.boot.run.SpringBootApplicationRunConfiguration.checkConfiguration(SpringBootApplicationRunConfiguration.java:143)
    at com.intellij.execution.impl.RunnerAndConfigurationSettingsImpl.checkSettings$lambda$10(RunnerAndConfigurationSettingsImpl.kt:363)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$OTelMonitor.callWrapped(NonBlockingReadActionImpl.java:876)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$OTelMonitor$MonitoredComputation.call(NonBlockingReadActionImpl.java:908)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$Submission.insideReadAction(NonBlockingReadActionImpl.java:636)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$Submission.attemptComputation(NonBlockingReadActionImpl.java:583)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$Submission.executeSynchronously(NonBlockingReadActionImpl.java:523)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl.executeSynchronously(NonBlockingReadActionImpl.java:226)
    at com.intellij.execution.impl.RunnerAndConfigurationSettingsImpl.checkSettings(RunnerAndConfigurationSettingsImpl.kt:370)
    at com.intellij.execution.RunnerAndConfigurationSettings.checkSettings(RunnerAndConfigurationSettings.java:188)
    at com.intellij.execution.impl.RunConfigurationIconAndInvalidCache.recalculateIcon$lambda$1(RunConfigurationIconAndInvalidCache.kt:67)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$OTelMonitor.callWrapped(NonBlockingReadActionImpl.java:876)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$OTelMonitor$MonitoredComputation.call(NonBlockingReadActionImpl.java:908)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$Submission.insideReadAction(NonBlockingReadActionImpl.java:636)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$Submission.lambda$attemptComputation$3(NonBlockingReadActionImpl.java:599)
    at com.intellij.platform.locking.impl.NestedLocksThreadingSupport.tryRunReadAction(NestedLocksThreadingSupport.kt:826)
    at com.intellij.openapi.application.impl.ApplicationImpl.tryRunReadAction(ApplicationImpl.java:1221)
    at com.intellij.openapi.progress.util.ProgressIndicatorUtils.lambda$runInReadActionWithWriteActionPriority$0(ProgressIndicatorUtils.java:95)
    at com.intellij.openapi.progress.util.ProgressIndicatorUtilService.runActionAndCancelBeforeWrite(ProgressIndicatorUtilService.java:73)
    at com.intellij.openapi.progress.util.ProgressIndicatorUtils.runActionAndCancelBeforeWrite(ProgressIndicatorUtils.java:152)
    at com.intellij.openapi.progress.util.ProgressIndicatorUtils.lambda$runWithWriteActionPriority$1(ProgressIndicatorUtils.java:140)
    at com.intellij.openapi.progress.ProgressManager.lambda$runProcess$0(ProgressManager.java:98)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$1(CoreProgressManager.java:229)
    at com.intellij.platform.diagnostic.telemetry.helpers.TraceKt.use(trace.kt:44)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:228)
    at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$14(CoreProgressManager.java:681)
    at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:756)
    at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:712)
    at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:680)
    at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:78)
    at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:209)
    at com.intellij.openapi.progress.ProgressManager.runProcess(ProgressManager.java:98)
    at com.intellij.openapi.progress.util.ProgressIndicatorUtils.runWithWriteActionPriority(ProgressIndicatorUtils.java:137)
    at com.intellij.openapi.progress.util.ProgressIndicatorUtils.runInReadActionWithWriteActionPriority(ProgressIndicatorUtils.java:95)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$Submission.attemptComputation(NonBlockingReadActionImpl.java:599)
    at com.intellij.openapi.application.impl.NonBlockingReadActionImpl$Submission.lambda$transferToBgThread$1(NonBlockingReadActionImpl.java:485)
    at com.intellij.util.concurrency.BoundedTaskExecutor.doRun(BoundedTaskExecutor.java:248)
    at com.intellij.util.concurrency.BoundedTaskExecutor.access$200(BoundedTaskExecutor.java:27)
    at com.intellij.util.concurrency.BoundedTaskExecutor$1.executeFirstTaskAndHelpQueue(BoundedTaskExecutor.java:226)
    at com.intellij.util.concurrency.BoundedTaskExecutor$1.run(BoundedTaskExecutor.java:214)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:735)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:732)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:400)
    at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:732)
    at java.base/java.lang.Thread.run(Thread.java:1583)
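
Added example, not part of the original issue and not AWS Toolkit code: the report describes deleting every JSON file in .aws/sso/cache to recover, and this Python script instead lists what each cache file is and whether it has expired, without printing any token or secret. It assumes the key names the AWS CLI v2 writes to that cache (startUrl, accessToken, clientId, expiresAt); the function names are hypothetical.

```python
import json
import stat
from datetime import datetime, timezone
from pathlib import Path


def parse_expiry(value):
    """Parse expiresAt; cached timestamps end in 'Z' or 'UTC' (both mean UTC)."""
    for suffix in ("UTC", "Z"):
        if value.endswith(suffix):
            value = value[: -len(suffix)] + "+00:00"
            break
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sso_cache(cache_dir, now=None):
    """Return one dict per cache file; token and secret values are never copied."""
    now = now or datetime.now(timezone.utc)
    report = []
    for path in sorted(Path(cache_dir).glob("*.json")):
        row = {
            "file": path.name,
            "kind": "unknown",
            "start_url": None,
            "status": "unreadable",
            # Cache files hold bearer tokens: flag any group/other access bits.
            "loose_perms": bool(stat.S_IMODE(path.stat().st_mode) & 0o077),
        }
        try:
            data = json.loads(path.read_text())
            if "accessToken" in data:
                row["kind"] = "token"
            elif "clientId" in data:
                row["kind"] = "client-registration"
            row["start_url"] = data.get("startUrl")
            expires = parse_expiry(data["expiresAt"])
            row["status"] = "expired" if expires <= now else "valid"
        except (ValueError, KeyError, TypeError, AttributeError):
            pass  # malformed JSON or missing/odd expiresAt: stays "unreadable"
        report.append(row)
    return report


if __name__ == "__main__":
    # Read-only pass over the default cache location mentioned in the issue.
    for row in audit_sso_cache(Path.home() / ".aws" / "sso" / "cache"):
        print(row)
```

Comparing the start_url and status columns before and after a failed plugin login shows which cache file belongs to the stale session, so only that file needs removing.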

Labels: bug (We can reproduce the issue and confirmed it is a bug.)