In Linux, the following commands work just fine: we set a username and password in environment variables and have aws-adfs use them via the "--env" switch.

Linux .sh

    export username=<my_username>
    export password=<my_pass>
    aws-adfs login --region <region> --adfs-host <adfs-host> --role-arn <Role> --env --no-sspi --profile <local-profile-name>

On Windows using cmd, I can't get the "--env" to work. Regardless of what I've tried here, it will always use my AD logged-in user and not the user/password of my second account which I want to use.

Windows:

    (aws-adfs) C:\>set username="my_username"
    (aws-adfs) C:\>set password="my_password"
    aws-adfs login --region <region> --adfs-host <adfs-host> --role-arn <Role> --env --profile <local-profile-name>


PowerShell:

    $env:username = 'my_username'
    $env:password = 'my_password'
    dir env:
    aws-adfs login --region <region> --adfs-host <adfs-host> --role-arn <Role> --env --profile <local-profile-name>

Does anyone know how to get one of the following working in cmd while using aws-adfs?

  --env                           Read username, password from environment
                                  variables (username and password).
  --stdin                         Read username, password from standard input
                                  separated by a newline.
  --authfile TEXT                 Read username, password from a local file
                                  (optional)

UPDATE:

From the comments below, the values for setting the username and password in a batch file work.

set "username=my_username"
set "password=my_password"

However, we appear to have a bug with aws-adfs where you are also required to use the full email address for the username on Windows, but on Linux just the username works.

rcmpayne
  • I know nothing whatever about `aws-adfs`. What I would try is `set "username=my_username"` (note quotes repositioned; repeat for password) on the theory that `aws-adfs` doesn't like the quotes and searches elsewhere. Otherwise, `(echo %username%&echo %password%)>filename` and `--authfile filename` – Magoo Mar 28 '22 at 01:31
  • Yes, this fixes the issue, thanks. Note that in Windows I also needed to use the full email address, not just the username, which works in Linux and Linux WSL – rcmpayne Mar 28 '22 at 12:52

1 Answer

On Windows, the environment variable USERNAME is predefined with all letters in upper case; it holds the name of the user account. See the Wikipedia chapter Windows Environment Variables for more information about the predefined environment variables on Windows.

aws-adfs version 2.0.1 does not require on Windows that the environment variable username be defined with all letters in lower case. Environment variable names are case-sensitive on Linux, where it is possible to define an environment variable USERNAME and additionally an environment variable username.

The following could be used in a Windows command prompt window:

set "username="
set "username=my_username@mail.com"
set "password="
set "password=my_password"

First the environment variable USERNAME is deleted case-insensitively, and next the environment variable username is defined with all letters in lower case with the string between the equal sign and the double quote character at the end. The redefinition of an existing environment variable does not change the case of the letters of the variable name. The user name, usually being an email address, should be defined completely.

Then the environment variable password, perhaps defined by chance, is deleted case-insensitively and redefined with the name password with all letters in lower case with the string value between = and " at the end of the command line.

Please read my answer on Why is no string output with 'echo %var%' after using 'set var = text' on command line? It makes a big difference for the Windows command set whether the first " is at the beginning of the argument string of command SET left of the variable name or at the beginning of the string value after the equal sign. `set username="my_username"` assigns the string "my_username" with both double quotes, and with trailing whitespace entered by mistake, to the environment variable username, which would definitely not be good in this use case. A user name string with " is definitely not working.

But it is also possible in a Windows command prompt window to use just:

set "username=my_username@mail.com"
set "password=my_password"

The string value of the environment variable USERNAME is in this case updated with the string my_username@mail.com. The variable name is not changed, although the name is written completely in lower case in the command prompt window.

In a PowerShell console window the same should be done with:

 $Env:username = ''
 $Env:username = 'my_username@mail.com'
 $Env:password = ''
 $Env:password = 'my_password'

Or just the following is used:

 $Env:username = 'my_username@mail.com'
 $Env:password = 'my_password'

See the Microsoft documentation about Environment Variables - PowerShell.

The modifications made on the environment variables list are the same as done with command SET in the Windows command prompt window.

It would be good to define the two environment variables in a Windows batch file in a separate local execution environment, as done with:

@echo off
setlocal EnableExtensions DisableDelayedExpansion
set "username=my_username@mail.com"
set "password=my_password"
aws-adfs login --region "region" --adfs-host "adfs-host" --role-arn "Role" --env --profile "local-profile-name"
endlocal

The command SETLOCAL creates a new environment variables list as a copy of the current environment variables list. In this new list the environment variables USERNAME and (if existing at all) password are updated or newly created with the correct string values. Then aws-adfs is executed using the two environment variables. Finally, the command ENDLOCAL discards the just used list of environment variables with the variables USERNAME and password and restores the previous environment variables list with the variable USERNAME with the string value as defined by default for the current account by the Windows shell.

Read this answer for details about the commands SETLOCAL and ENDLOCAL.

Mofi
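
The SET behaviour described in the answer above, as an added example that is not part of the original answer or of aws-adfs: a simplified Python model of how cmd stores a variable for the two quoting styles, plus a check of the value that `--env` would read. The function names `cmd_set` and `credential_problems` and the sample values are constructed for illustration; this is not cmd's real parser.

```python
def cmd_set(env, args):
    """Apply `set <args>` to env (a dict); return the stored name or None."""
    if args.startswith('"'):
        # set "name=value": the text between the first and the last double
        # quote is used; anything after the last quote is ignored.
        last = args.rfind('"')
        body = args[1:last] if last > 0 else args[1:]
    else:
        # set name=value: everything up to the end of the line is used,
        # including double quotes and trailing whitespace.
        body = args
    name, sep, value = body.partition("=")
    if not sep or not name:
        raise ValueError("expected name=value")
    # Variable names are matched case-insensitively on Windows.
    existing = next((k for k in env if k.upper() == name.upper()), None)
    if value == "":
        env.pop(existing, None)  # an empty value deletes the variable
        return None
    # Redefining an existing variable keeps the case of its existing name.
    key = existing if existing is not None else name
    env[key] = value
    return key


def credential_problems(env):
    """Return reasons why the stored username value looks malformed."""
    value = next((v for k, v in env.items() if k.upper() == "USERNAME"), None)
    if value is None:
        return ["username is not set"]
    problems = []
    if '"' in value:
        problems.append("value contains double quotes")
    if value != value.strip():
        problems.append("value has leading or trailing whitespace")
    return problems


if __name__ == "__main__":
    # Constructed sample: USERNAME as predefined by Windows at logon.
    env = {"USERNAME": "ad_user"}
    cmd_set(env, 'username="my_username"  ')       # form used in the question
    print(env, credential_problems(env))
    cmd_set(env, '"username=my_username@mail.com"')  # form from the answer
    print(env, credential_problems(env))
```
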