Skip to content

Integration tools for letting workloads authenticate to Google Cloud using IAM workload identity federation

License

Notifications You must be signed in to change notification settings

GoogleCloudPlatform/iam-federation-tools

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

IAM Federation tools

This repository contains tools for letting workloads that run outside of Google Cloud use workload identity federation to authenticate to Google Cloud.

Token Service

Token Service is an application that lets clients exchange custom credentials against an ID token that suitable for workload identity federation:

  • Towards a client appliation, the Token Service application acts as an Open ID Connect identity provider. Clients can authenticate using different authentication flows and can obtain an ID token that asserts their identity.

  • When you register the Token Service as a workload identity pool provider, clients can then use the ID token and exchange it against short-lived Google credentials by using the Google STS.

Workload Authenticator for Windows

Workload Authenticator for Windows (WWAuth) lets Windows applications authenticate to Google Cloud using their Active Directory Kerberos credentials. The tool automates the process of using Kerberos credentials to authenticate to Active Directory Federation Services (AD FS), and using the resulting AD FS credential to authenticate to Google Cloud.

Using WWAuth is an alternative to using service account keys and doesn't require you to manage and store any secrets or keys.


IAM Federation tools is an open-source project and not an officially supported Google product.

All files in this repository are under the Apache License, Version 2.0 unless noted otherwise.