Difference between revisions of "Saml2aws login"
Line 3: | Line 3: | ||
[[saml2aws login]] | [[saml2aws login]] | ||
[[saml2aws login]] --verbose | [[saml2aws login]] --verbose | ||
+ | |||
+ | == help == | ||
+ | <pre> | ||
+ | saml2aws login --help | ||
+ | usage: saml2aws login [<flags>] | ||
+ | |||
+ | Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token. | ||
+ | |||
+ | Flags: | ||
+ | --help Show context-sensitive help (also try --help-long and --help-man). | ||
+ | --version Show application version. | ||
+ | --verbose Enable verbose logging | ||
+ | --quiet silences logs | ||
+ | -i, --provider=PROVIDER This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts | ||
+ | --config=CONFIG Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE) | ||
+ | -a, --idp-account="default" The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT) | ||
+ | --idp-provider=IDP-PROVIDER | ||
+ | The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER) | ||
+ | --browser-type=BROWSER-TYPE | ||
+ | The configured browser type when the IDP provider is set to Browser. if not set | ||
+ | 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE) | ||
+ | --browser-executable-path=BROWSER-EXECUTABLE-PATH | ||
+ | The configured browser full path when the IDP provider is set to Browser. If set, | ||
+ | no browser download will be performed and the executable path will be used instead. (env: | ||
+ | SAML2AWS_BROWSER_EXECUTABLE_PATH) | ||
+ | --browser-autofill Configures browser to autofill the username and password. (env: | ||
+ | SAML2AWS_BROWSER_AUTOFILL) | ||
+ | --mfa=MFA The name of the mfa. (env: SAML2AWS_MFA) | ||
+ | -s, --skip-verify Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY) | ||
+ | --url=URL The URL of the SAML IDP server used to login. (env: SAML2AWS_URL) | ||
+ | --username=USERNAME The username used to login. (env: SAML2AWS_USERNAME) | ||
+ | --password=PASSWORD The password used to login. (env: SAML2AWS_PASSWORD) | ||
+ | --mfa-token=MFA-TOKEN The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env: | ||
+ | SAML2AWS_MFA_TOKEN) | ||
+ | --role=ROLE The ARN of the role to assume. (env: SAML2AWS_ROLE) | ||
+ | --aws-urn=AWS-URN The URN used by SAML when you login. (env: SAML2AWS_AWS_URN) | ||
+ | --skip-prompt Skip prompting for parameters during login. | ||
+ | --session-duration=SESSION-DURATION | ||
+ | The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION) | ||
+ | --disable-keychain Do not use keychain at all. This will also disable Okta sessions & remembering MFA | ||
+ | device. (env: SAML2AWS_DISABLE_KEYCHAIN) | ||
+ | -r, --region=REGION AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: | ||
+ | SAML2AWS_REGION) | ||
+ | --prompter=PROMPTER The prompter to use for user input (default, pinentry) | ||
+ | -p, --profile=PROFILE The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE) | ||
+ | --duo-mfa-option=DUO-MFA-OPTION | ||
+ | The MFA option you want to use to authenticate with (supported providers: okta). (env: | ||
+ | SAML2AWS_DUO_MFA_OPTION) | ||
+ | --client-id=CLIENT-ID OneLogin client id, used to generate API access token. (env: ONELOGIN_CLIENT_ID) | ||
+ | --client-secret=CLIENT-SECRET | ||
+ | OneLogin client secret, used to generate API access token. (env: ONELOGIN_CLIENT_SECRET) | ||
+ | --mfa-ip-address=MFA-IP-ADDRESS | ||
+ | IP address whitelisting defined in OneLogin MFA policies. (env: ONELOGIN_MFA_IP_ADDRESS) | ||
+ | --force Refresh credentials even if not expired. | ||
+ | --credential-process Enables AWS Credential Process support by outputting credentials to STDOUT in a JSON | ||
+ | message. | ||
+ | --credentials-file=CREDENTIALS-FILE | ||
+ | The file that will cache the credentials retrieved from AWS. When not specified, will use | ||
+ | the default AWS credentials file location. (env: SAML2AWS_CREDENTIALS_FILE) | ||
+ | --cache-saml Caches the SAML response (env: SAML2AWS_CACHE_SAML) | ||
+ | --cache-file=CACHE-FILE The location of the SAML cache file (env: SAML2AWS_SAML_CACHE_FILE) | ||
+ | --download-browser-driver Automatically download browsers for Browser IDP. (env: SAML2AWS_AUTO_BROWSER_DOWNLOAD) | ||
+ | --disable-sessions Do not use Okta sessions. Uses Okta sessions by default. (env: | ||
+ | SAML2AWS_OKTA_DISABLE_SESSIONS) | ||
+ | --disable-remember-device Do not remember Okta MFA device. Remembers MFA device by default. (env: | ||
+ | SAML2AWS_OKTA_DISABLE_REMEMBER_DEVICE) | ||
+ | </pre> | ||
== Errors == | == Errors == |
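Review bot: the new heading `== help ==` is lowercase while the existing `== Errors ==` heading right after the block is capitalized; `== Help ==` would match. Inside the added `<pre>` block the invoked command `saml2aws login --help` sits on the first line with no prompt, so it reads as part of the output; prefix it with `$ ` or move it above the block. The pasted output also lists `--password=PASSWORD` and `-s, --skip-verify` with no comment; a short line under the block noting that the password can be supplied through the listed `SAML2AWS_PASSWORD` variable or the keychain instead of the command line, and that `--skip-verify` skips verification of the IdP server certificate, would make the section more useful than the raw dump alone.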
Revision as of 07:07, 23 May 2024
saml2aws login
saml2aws login --verbose
help
<pre>
saml2aws login --help
usage: saml2aws login [<flags>]

Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.

Flags:
      --help                     Show context-sensitive help (also try --help-long and --help-man).
      --version                  Show application version.
      --verbose                  Enable verbose logging
      --quiet                    silences logs
  -i, --provider=PROVIDER        This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
      --config=CONFIG            Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
  -a, --idp-account="default"    The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
      --idp-provider=IDP-PROVIDER
                                 The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
      --browser-type=BROWSER-TYPE
                                 The configured browser type when the IDP provider is set to Browser. if not set
                                 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE)
      --browser-executable-path=BROWSER-EXECUTABLE-PATH
                                 The configured browser full path when the IDP provider is set to Browser. If set,
                                 no browser download will be performed and the executable path will be used instead. (env:
                                 SAML2AWS_BROWSER_EXECUTABLE_PATH)
      --browser-autofill         Configures browser to autofill the username and password. (env:
                                 SAML2AWS_BROWSER_AUTOFILL)
      --mfa=MFA                  The name of the mfa. (env: SAML2AWS_MFA)
  -s, --skip-verify              Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
      --url=URL                  The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)
      --username=USERNAME        The username used to login. (env: SAML2AWS_USERNAME)
      --password=PASSWORD        The password used to login. (env: SAML2AWS_PASSWORD)
      --mfa-token=MFA-TOKEN      The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env:
                                 SAML2AWS_MFA_TOKEN)
      --role=ROLE                The ARN of the role to assume. (env: SAML2AWS_ROLE)
      --aws-urn=AWS-URN          The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
      --skip-prompt              Skip prompting for parameters during login.
      --session-duration=SESSION-DURATION
                                 The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
      --disable-keychain         Do not use keychain at all. This will also disable Okta sessions & remembering MFA
                                 device. (env: SAML2AWS_DISABLE_KEYCHAIN)
  -r, --region=REGION            AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env:
                                 SAML2AWS_REGION)
      --prompter=PROMPTER        The prompter to use for user input (default, pinentry)
  -p, --profile=PROFILE          The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
      --duo-mfa-option=DUO-MFA-OPTION
                                 The MFA option you want to use to authenticate with (supported providers: okta). (env:
                                 SAML2AWS_DUO_MFA_OPTION)
      --client-id=CLIENT-ID      OneLogin client id, used to generate API access token. (env: ONELOGIN_CLIENT_ID)
      --client-secret=CLIENT-SECRET
                                 OneLogin client secret, used to generate API access token. (env: ONELOGIN_CLIENT_SECRET)
      --mfa-ip-address=MFA-IP-ADDRESS
                                 IP address whitelisting defined in OneLogin MFA policies. (env: ONELOGIN_MFA_IP_ADDRESS)
      --force                    Refresh credentials even if not expired.
      --credential-process       Enables AWS Credential Process support by outputting credentials to STDOUT in a JSON
                                 message.
      --credentials-file=CREDENTIALS-FILE
                                 The file that will cache the credentials retrieved from AWS. When not specified, will use
                                 the default AWS credentials file location. (env: SAML2AWS_CREDENTIALS_FILE)
      --cache-saml               Caches the SAML response (env: SAML2AWS_CACHE_SAML)
      --cache-file=CACHE-FILE    The location of the SAML cache file (env: SAML2AWS_SAML_CACHE_FILE)
      --download-browser-driver  Automatically download browsers for Browser IDP. (env: SAML2AWS_AUTO_BROWSER_DOWNLOAD)
      --disable-sessions         Do not use Okta sessions. Uses Okta sessions by default. (env:
                                 SAML2AWS_OKTA_DISABLE_SESSIONS)
      --disable-remember-device  Do not remember Okta MFA device. Remembers MFA device by default. (env:
                                 SAML2AWS_OKTA_DISABLE_REMEMBER_DEVICE)
</pre>
Errors
Error authenticating to IdP.: error loading first page: failed to build login form data: could not find any forms matching the provided IDs
Error authenticating to IdP.: page is missing saml assertion