Currently if I "aws-vault foobar" and don't have a foobar profile in my aws config file, a profile section will be added and written to the file. However, if I then /remove/ the credentials, the profile section remains despite being empty. The expected behavior from me would be that if the profile were still empty (that is, never filled with extra data by the user), then it would be removed.

I love the library and it has been very helpful for me.

Recently, my implementation of speakeasy.totp failed a penetration test. I wrote a writeup on my findings (with a code sample to show how common this can happen with a bad implementation+configuration).

The issue: please improve the documentation (especially arou

It would be helpful to have a comprehensive documentation of the endpoints to help configure Authelia correctly in real life environments.

What would you like to be added

Allow more url variations in "step certificate inspect".
e.g.

// this works
step certificate inspect https://www.google.com

// these don't
step certificate inspect https://www.google.com/
step certificate inspect www.google.com:443
step certificate inspect www.google.com

Why this is needed

More convenience

It might be useful to have a generic system for documenting anything within PrivacyIDEA. However that is a rather large undertaking.

See: #1814

We could have a table for documentation and then add links in this table where it links to.
But the questions would be

• where display the documentation
• to whom display the documention?
  • for users?
  • for admins?

In our environment, we auto generate a number of profiles and we use a comment

START of Generated Lines

To separate out the generated profiles from the non-generated one. Unfortunately, everytime we run the aws-mfa tool, it removes that comment.

This bastion host is bloody useful and will save our team an enormous effort, thanks!

I had a little trouble working out how to run this on ECS so I'm posting my cloudformation template here for anyone that is looking to do the same:

AWSTemplateFormatVersion: 2010-09-09
Description: Bastion

Parameters:

  KeyPairName:
    Description: >-
      Enter a Public/private key pair. If

There is no proper documentation to explain what are the values for accountState identity claim and what is the meaning of each value.

Decoding the SAMLResponse returned by IdPs is a pain during troubleshooting. We already process it in order to allow the -l flag to work to list roles associated with a SAML enabled profile. We should do something which will print the role ARN and principal ARN (maybe include RoleSessionName and SessionDuration too?) so that the info can be provided directly from the tool, and keep folks from

what

• Add example invocation

why

• We need this so we can soon enable automated continuous integration testing of module