Difference between revisions of "Saml2aws"

From wikieduonline
Jump to navigation Jump to search
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{lowercase}}
 
{{lowercase}}
 
<code>saml2aws</code> CLI tool which enables you to login and retrieve AWS temporary credentials using with [[ADFS]] or [[PingFederate]] [[Identity Providers]]
 
<code>saml2aws</code> CLI tool which enables you to login and retrieve AWS temporary credentials using with [[ADFS]] or [[PingFederate]] [[Identity Providers]]
 +
 +
> ADFS, [[ADFS2]], [[Akamai]], [[Auth0]], [[Authentik]], [[AzureAD]], [[Browser]], [[F5APM]], [[GoogleApps]], [[JumpCloud]], [[KeyCloak]], [[NetIQ]], [[Okta]], [[OneLogin]], [[Ping]], [[PingNTLM]], [[PingOne]], [[Shibboleth]], [[ShibbolethECP]]
 +
 
* https://github.com/Versent/saml2aws
 
* https://github.com/Versent/saml2aws
  
 
* Installation: <code>[[brew install saml2aws]]</code>
 
* Installation: <code>[[brew install saml2aws]]</code>
  
 
+
== Commands ==
 
  [[saml2aws --help]]
 
  [[saml2aws --help]]
 
  [[saml2aws help]]  
 
  [[saml2aws help]]  
 
  [[saml2aws configure]]  
 
  [[saml2aws configure]]  
 
  [[saml2aws login]]
 
  [[saml2aws login]]
 +
[[saml2aws login --idp-account]]
 
  [[saml2aws login]] --verbose
 
  [[saml2aws login]] --verbose
 
  [[saml2aws exec]]  
 
  [[saml2aws exec]]  
Line 16: Line 20:
 
  [[saml2aws script]]
 
  [[saml2aws script]]
  
 +
== Errors ==
 +
* <code>[[Could not find any forms matching the provided IDs]]</code>
 +
* <code>[[Error authenticating to IdP.: error loading first page: failed to build login form data: could not find any forms matching the provided IDs]]</code>
 +
* <code>[[Error: not_a_saml_app]]</code>
  
 +
== Related ==
 +
* [[Playwright]]
 +
* <code>[[download_browser_driver = true]]</code>
 +
* [[Versent]]
  
 
 
<pre>
 
usage: saml2aws [<flags>] <command> [<args> ...]
 
 
A command line tool to help with SAML access to the AWS token service.
 
 
Flags:
 
      --help                  Show context-sensitive help (also try --help-long and --help-man).
 
      --version                Show application version.
 
      --verbose                Enable verbose logging
 
      --quiet                  silences logs
 
  -i, --provider=PROVIDER      This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
 
      --config=CONFIG          Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
 
  -a, --idp-account="default"  The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
 
      --idp-provider=IDP-PROVIDER
 
                              The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
 
      --browser-type=BROWSER-TYPE
 
                              The configured browser type when the IDP provider is set to Browser. if not set 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE)
 
      --browser-executable-path=BROWSER-EXECUTABLE-PATH
 
                              The configured browser full path when the IDP provider is set to Browser. If set, no browser download will be performed and the
 
                              executable path will be used instead. (env: SAML2AWS_BROWSER_EXECUTABLE_PATH)
 
      --browser-autofill      Configures browser to autofill the username and password. (env: SAML2AWS_BROWSER_AUTOFILL)
 
      --mfa=MFA                The name of the mfa. (env: SAML2AWS_MFA)
 
  -s, --skip-verify            Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
 
      --url=URL                The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)
 
      --username=USERNAME      The username used to login. (env: SAML2AWS_USERNAME)
 
      --password=PASSWORD      The password used to login. (env: SAML2AWS_PASSWORD)
 
      --mfa-token=MFA-TOKEN    The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env: SAML2AWS_MFA_TOKEN)
 
      --role=ROLE              The ARN of the role to assume. (env: SAML2AWS_ROLE)
 
      --aws-urn=AWS-URN        The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
 
      --skip-prompt            Skip prompting for parameters during login.
 
      --session-duration=SESSION-DURATION
 
                              The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
 
      --disable-keychain      Do not use keychain at all. This will also disable Okta sessions & remembering MFA device. (env: SAML2AWS_DISABLE_KEYCHAIN)
 
  -r, --region=REGION          AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: SAML2AWS_REGION)
 
      --prompter=PROMPTER      The prompter to use for user input (default, pinentry)
 
 
Commands:
 
  help [<command>...]
 
    Show help.
 
 
  configure [<flags>]
 
    Configure a new IDP account.
 
 
  login [<flags>]
 
    Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.
 
 
  exec [<flags>] [<command>...]
 
    Exec the supplied command with env vars from STS token.
 
 
  console [<flags>]
 
    Console will open the aws console after logging in.
 
 
  list-roles [<flags>]
 
    List available role ARNs.
 
 
  script [<flags>]
 
    Emit a script that will export environment variables.
 
</pre>
 
 
 
 
== See also ==
 
== See also ==
 
* {{saml2aws}}
 
* {{saml2aws}}
 
* {{SAML}}
 
* {{SAML}}
* {{AWS}}
+
* {{AWS STS}}
  
 
[[Category:SAML]]
 
[[Category:SAML]]

Latest revision as of 14:51, 28 July 2024

Advertising: