Inscrutable error from okta-aws

I’m trying to use this tool:

I signed up for this forum because the README there directed me to here. I am not an “okta developer” nor am I developing apps for use with okta. I am working at a company that uses okta and I’m trying to set up CLI tools that work with okta, but I do not have okta admin access in our organization.

With that out of the way, I installed and configured that tool according to the instruction. I had to ask other people for the Okta AWS app’s URL. We actually have multiple AWS apps in our Okta, and I was initially able to find the app URL for one of those on internal documentation and tried that one.

~% okta-aws test sts get-caller-identity
Username: _I entered my okta username_
Password:

Push Factor Authentication
Waiting for you to approve the Okta push notification on your device...
Waiting for you to approve the Okta push notification on your device...
Waiting for you to approve the Okta push notification on your device...
Exception in thread "main" java.lang.IllegalStateException: Sorry, you can't access AWS (Prod) because you are not assigned this app in Okta.

That’s fine, because I am indeed not assigned that app in Okta. So this was a proof of concept to get that far. Next, I gave the instructions for how to get the app URL to one of our admins and asked him for the app URL for the AWS SSO app, which I do have in our Okta. But when I put that in the configuration file and tried again, this happened:

~% okta-aws test sts get-caller-identity
Exception in thread "main" java.util.NoSuchElementException
    at java.base/java.util.LinkedHashMap$LinkedHashIterator.nextNode(LinkedHashMap.java:721)
    at java.base/java.util.LinkedHashMap$LinkedEntryIterator.next(LinkedHashMap.java:751)
    at java.base/java.util.LinkedHashMap$LinkedEntryIterator.next(LinkedHashMap.java:749)
    at com.okta.tools.helpers.RoleHelper.chooseAwsRoleToAssume(RoleHelper.java:106)
    at com.okta.tools.OktaAwsCliAssumeRole.doRequest(OktaAwsCliAssumeRole.java:133)
    at com.okta.tools.OktaAwsCliAssumeRole.run(OktaAwsCliAssumeRole.java:102)
    at com.okta.tools.WithOkta.main(WithOkta.java:30)

What does this mean? What problem might be causing this?

It’s possible he gave me an incorrect app URL, but I don’t know enough to tell him that.

I’m guessing this line could be the issue but not exactly sure what the underlying issue is.

You might want to try out this tool as well