Commit

Merge pull request #52 from jspc/aws-creds-from-saml
Load saml from responses
johananl committed Sep 10, 2018
2 parents 98434dc + 55607b9 commit 2b6e59d
Showing 13 changed files with 295 additions and 82 deletions.
96 changes: 89 additions & 7 deletions Gopkg.lock

21 changes: 2 additions & 19 deletions README.md
Expand Up @@ -177,9 +177,7 @@ To create a OneLogin app, use the following command:

clisso apps create onelogin my-app \
--provider my-provider \
--app-id 12345 \
--principal-arn arn:aws:iam::123456789012:saml-provider/OneLogin \
--role-arn arn:aws:iam::123456789012:role/OneLoginSSO
--app-id 12345

The example above creates a OneLogin app configuration for Clisso, with the name `my-app`.
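
Review bot: The OneLogin example now stops at `--app-id 12345`, but the text after it never says where the IAM role and SAML provider ARNs come from once `--principal-arn` and `--role-arn` are gone. Going by the commit title, they are loaded from the SAML response; suggest adding one sentence here stating that, so readers know the role assumed is whatever the identity provider asserts rather than a value pinned in the Clisso config.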

Expand All @@ -193,21 +191,13 @@ manually configure the app ID for every app.
>NOTE: The ID seen in the browser URL when visiting a OneLogin app as a user is **NOT** the app ID.
>Only a OneLogin administrator can obtain an app ID.
The `--principal-arn` is the ARN of the [identity provider][9] that was created on AWS IAM for the
OneLogin integration.

The `--role-arn` is the ARN of the IAM role that should be assumed following a successful
authentication against OneLogin.

#### Okta

To create an Okta app, use the following command:

clisso apps create okta my-app \
--provider my-provider \
--url https://mycompany.okta.com/home/amazon_aws/xxxxxxxxxxxxxxxxxxxx/137 \
--principal-arn arn:aws:iam::123456789012:saml-provider/Okta \
--role-arn arn:aws:iam::123456789012:role/OktaSSO
--url https://mycompany.okta.com/home/amazon_aws/xxxxxxxxxxxxxxxxxxxx/137

The example above creates an Okta app configuration for Clisso, with the name `my-app`.
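
Review bot: Both example commands touched up to this point drop `--principal-arn` and `--role-arn`, but the README does not say what happens to existing invocations or stored app configurations that still carry them. Suggest stating whether the flags are still accepted and ignored or are now rejected, so scripts written against the old examples fail in a documented way.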

Expand All @@ -220,12 +210,6 @@ clicking an app in the **Applications** view. The embed link is on the **General
>NOTE: An Okta embed link must not contain an HTTP query, only the base URL. For AWS apps, the link
should end with `/137`.

The `--principal-arn` is the ARN of the [identity provider][9] that was created on AWS IAM for the
Okta integration.

The `--role-arn` is the ARN of the IAM role that should be assumed following a successful
authentication against Okta.

### Deleting Apps

Deleting apps using the `clisso` command isn't currently supported. To delete an app, remove its
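
Review bot: The Okta paragraph removed here and the matching OneLogin paragraph removed in the previous hunk were the only visible uses of the `[identity provider][9]` reference link. Check whether the `[9]:` definition further down the README is now unused and remove it if so; it is not among the lines shown in this diff.
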
Expand Down Expand Up @@ -264,7 +248,6 @@ apps using `clisso apps ls`.
## Caveats and Limitations

- No support for Okta applications with MFA enabled **at the application level**.
- No support for IAM role selection.

## Contributing
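
Review bot: Dropping `- No support for IAM role selection.` from Caveats and Limitations implies role selection now works, yet README.md gains only 2 lines in this commit and both are the shortened example commands, so the behaviour is undocumented. Suggest adding a short section on how a role is chosen when the SAML response offers more than one, since that determines which AWS credentials the user ends up holding.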
