Skip to main content

Getting AWS SSO to work with KeePass and Kee

The AWS SSO login page (such as those that come after the custom "acmeco.awsapps.com" domains) tend to be a bit problematic for full integration with Kee/KeePass2/. Here's my working configuration...

  • Kee
    • In the browser, go to the Kee options page
      • This can be found by clicking the Kee extension icon, click the menu icon, then click Options (gear icon)
    • Under Finding forms → Include List → Text field ID, append these options:
      ,awsui-input-2,awsui-input-0

  • KeePass
    • Edit your password entry
    • Go to Kee → Form fields
    • Alter the username entry...
      • Edit the KeePass username entry
      • Set the Id field to awsui-input-0 then click Ok
    • Create a text-type TOTP entry
      • Click Add
      • Set the Value field to {TOTP}
      • Set the Id field to awsui-input-2
      • Set the KeePass placeholders option to Enable then click Ok
    • Create a password-type TOTP entry
      • Click Add
      • Set the Value field to {TOTP}
      • Set the Type to Password
      • Set the Id field to awsui-input-2 then click Ok
    • Click OK to save the password entry
      Information
      It may seem odd that we are adding both a text and a password type entry. It appears that AWS uses both types depending on the SSO implementation. Using both entries covers both use cases.

Back to top