Difference between revisions of "Saml2aws"
Line 4: | Line 4: | ||
[[brew install saml2aws]] | [[brew install saml2aws]] | ||
+ | |||
+ | <pre> | ||
+ | saml2aws --help | ||
+ | usage: saml2aws [<flags>] <command> [<args> ...] | ||
+ | |||
+ | A command line tool to help with SAML access to the AWS token service. | ||
+ | |||
+ | Flags: | ||
+ | --help Show context-sensitive help (also try --help-long and --help-man). | ||
+ | --version Show application version. | ||
+ | --verbose Enable verbose logging | ||
+ | --quiet silences logs | ||
+ | -i, --provider=PROVIDER This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts | ||
+ | --config=CONFIG Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE) | ||
+ | -a, --idp-account="default" The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT) | ||
+ | --idp-provider=IDP-PROVIDER | ||
+ | The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER) | ||
+ | --browser-type=BROWSER-TYPE | ||
+ | The configured browser type when the IDP provider is set to Browser. if not set 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE) | ||
+ | --browser-executable-path=BROWSER-EXECUTABLE-PATH | ||
+ | The configured browser full path when the IDP provider is set to Browser. If set, no browser download will be performed and the | ||
+ | executable path will be used instead. (env: SAML2AWS_BROWSER_EXECUTABLE_PATH) | ||
+ | --browser-autofill Configures browser to autofill the username and password. (env: SAML2AWS_BROWSER_AUTOFILL) | ||
+ | --mfa=MFA The name of the mfa. (env: SAML2AWS_MFA) | ||
+ | -s, --skip-verify Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY) | ||
+ | --url=URL The URL of the SAML IDP server used to login. (env: SAML2AWS_URL) | ||
+ | --username=USERNAME The username used to login. (env: SAML2AWS_USERNAME) | ||
+ | --password=PASSWORD The password used to login. (env: SAML2AWS_PASSWORD) | ||
+ | --mfa-token=MFA-TOKEN The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env: SAML2AWS_MFA_TOKEN) | ||
+ | --role=ROLE The ARN of the role to assume. (env: SAML2AWS_ROLE) | ||
+ | --aws-urn=AWS-URN The URN used by SAML when you login. (env: SAML2AWS_AWS_URN) | ||
+ | --skip-prompt Skip prompting for parameters during login. | ||
+ | --session-duration=SESSION-DURATION | ||
+ | The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION) | ||
+ | --disable-keychain Do not use keychain at all. This will also disable Okta sessions & remembering MFA device. (env: SAML2AWS_DISABLE_KEYCHAIN) | ||
+ | -r, --region=REGION AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: SAML2AWS_REGION) | ||
+ | --prompter=PROMPTER The prompter to use for user input (default, pinentry) | ||
+ | |||
+ | Commands: | ||
+ | help [<command>...] | ||
+ | Show help. | ||
+ | |||
+ | configure [<flags>] | ||
+ | Configure a new IDP account. | ||
+ | |||
+ | login [<flags>] | ||
+ | Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token. | ||
+ | |||
+ | exec [<flags>] [<command>...] | ||
+ | Exec the supplied command with env vars from STS token. | ||
+ | |||
+ | console [<flags>] | ||
+ | Console will open the aws console after logging in. | ||
+ | |||
+ | list-roles [<flags>] | ||
+ | List available role ARNs. | ||
+ | |||
+ | script [<flags>] | ||
+ | Emit a script that will export environment variables. | ||
+ | </pre> | ||
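Review bot: The pasted help text names Keycloak and GoogleApps at `--mfa-token`, Okta at `--disable-keychain`, and a Browser provider at `--browser-type`, but the page summary still describes the tool as working with ADFS or PingFederate only; the summary should be widened to match what the added block documents. The block also carries no version, so consider recording the `saml2aws --version` output beside it so readers can tell which release these flags belong to.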
Revision as of 05:40, 23 May 2024
saml2aws
CLI tool that enables you to log in and retrieve temporary AWS credentials using ADFS or PingFederate Identity Providers
brew install saml2aws
<pre>
saml2aws --help
usage: saml2aws [<flags>] <command> [<args> ...]

A command line tool to help with SAML access to the AWS token service.

Flags:
      --help                   Show context-sensitive help (also try --help-long and --help-man).
      --version                Show application version.
      --verbose                Enable verbose logging
      --quiet                  silences logs
  -i, --provider=PROVIDER      This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
      --config=CONFIG          Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
  -a, --idp-account="default"  The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
      --idp-provider=IDP-PROVIDER
                               The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
      --browser-type=BROWSER-TYPE
                               The configured browser type when the IDP provider is set to Browser. if not set 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE)
      --browser-executable-path=BROWSER-EXECUTABLE-PATH
                               The configured browser full path when the IDP provider is set to Browser. If set, no browser download will be performed and the
                               executable path will be used instead. (env: SAML2AWS_BROWSER_EXECUTABLE_PATH)
      --browser-autofill       Configures browser to autofill the username and password. (env: SAML2AWS_BROWSER_AUTOFILL)
      --mfa=MFA                The name of the mfa. (env: SAML2AWS_MFA)
  -s, --skip-verify            Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
      --url=URL                The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)
      --username=USERNAME      The username used to login. (env: SAML2AWS_USERNAME)
      --password=PASSWORD      The password used to login. (env: SAML2AWS_PASSWORD)
      --mfa-token=MFA-TOKEN    The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env: SAML2AWS_MFA_TOKEN)
      --role=ROLE              The ARN of the role to assume. (env: SAML2AWS_ROLE)
      --aws-urn=AWS-URN        The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
      --skip-prompt            Skip prompting for parameters during login.
      --session-duration=SESSION-DURATION
                               The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
      --disable-keychain       Do not use keychain at all. This will also disable Okta sessions & remembering MFA device. (env: SAML2AWS_DISABLE_KEYCHAIN)
  -r, --region=REGION          AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: SAML2AWS_REGION)
      --prompter=PROMPTER      The prompter to use for user input (default, pinentry)

Commands:
  help [<command>...]
    Show help.

  configure [<flags>]
    Configure a new IDP account.

  login [<flags>]
    Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.

  exec [<flags>] [<command>...]
    Exec the supplied command with env vars from STS token.

  console [<flags>]
    Console will open the aws console after logging in.

  list-roles [<flags>]
    List available role ARNs.

  script [<flags>]
    Emit a script that will export environment variables.
</pre>
See also
- saml2aws [ configure | login | exec ], ~/.saml2aws, s2a
- SAML, IdP, Assertion, Attribute, SCIM, Amazon Cognito, OpenID Connect (OIDC), SAML response, SAML:EduPersonOrgDN, Assertion Consumer Service (ACS), SAML examples, Entity ID, Name ID, SAMLResponse, saml-provider, saml2aws, aws_iam_saml_provider
- AWS, Amazon Managed Services, AWS Management & Governance, computing, security, networking, AWS compliance, AWS Outposts, AWS Free Tier, AWS certifications, AWS Trusted Advisor, AWS Systems Manager, AWS Config, IAM Access Analyzer, AWS Cost Explorer, AWS Cost Management, AWS Budgets, AWS Organizations, AWS dev: (CodeStar, Cloud9), AWS Partner Network (APN), AWS Resource Access Manager, AWS Quick Starts, AWS Global Accelerator, AWS Elemental MediaStore, AWS Enterprise support, AWS support, AWS Professional Services Consultants, AWS Cloud Map, AWS Marketplace, AWS CLI, AWS Management Console, AWS acceptable use policy, amazonaws.com, Quotas, AWS Support plans, AWS Resource Explorer, AWS Managed Services (AMS), AWS savings, AWS Nitro System, AWS Activate, Serverless, AWS timeline