Extract ARNs from SAML on onelogin #49
Comments
We've been looking for a way to avoid having to deal with ARNs in the config and could not find a good solution until now. In order to perform an AssumeRoleWithSAML operation, the principal ARN and role ARN must be specified. Are you saying we can extract this information from the response here?
Yep- the SAML body contains ARNs, take a look at: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html (There are no anchors in that doc, search for
Interesting. I'll take a look soon when I get to it. I'd definitely love to get rid of as much config as possible.
I'm going to tackle this today when I've finished off #50
…On 7 August 2018 at 12:54, Johannes Liebermann ***@***.***> wrote:
Interesting. I'll take a look soon when I get to it. I'd definitely love
to get rid of as much config as possible.
Fixed in #52.
Given that onelogin/AWS SAML responses return the necessary ARNs, extract these and use them to generate credentials rather than hardcoding them in config.
Where multiple ARNs exist, such as is the case with the onelogin multi-account app, present a form for a user to select from.
This approach is used in onelogin reference implementations of pulling AWS creds:
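An added example, not part of the original issue and not the project's or OneLogin's code: a Python sketch of pulling the role ARN and principal ARN pairs out of a base64 SAMLResponse and choosing one when several are present. The function names and the embedded response are constructed for illustration; the parser accepts the two ARNs in either order and rejects malformed values.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample response (unsigned, made-up account IDs), standing in for the IdP's POST body.
_SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Assertion><saml2:AttributeStatement>
<saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
<saml2:AttributeValue>arn:aws:iam::111111111111:role/dev,arn:aws:iam::111111111111:saml-provider/example-idp</saml2:AttributeValue>
<saml2:AttributeValue>arn:aws:iam::222222222222:saml-provider/example-idp,arn:aws:iam::222222222222:role/admin</saml2:AttributeValue>
</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(_SAMPLE_XML.encode()).decode()


def extract_role_pairs(saml_response_b64):
    """Return sorted (role_arn, principal_arn) tuples found in the Role attribute."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    pairs = set()
    for attr in root.iterfind(".//saml2:Attribute", NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml2:AttributeValue", NS):
            arns = [a.strip() for a in (value.text or "").split(",")]
            roles = [a for a in arns if ":role/" in a]
            principals = [a for a in arns if ":saml-provider/" in a]
            # Each value must be exactly one role ARN plus one provider ARN.
            if len(arns) != 2 or len(roles) != 1 or len(principals) != 1:
                raise ValueError(f"unexpected Role attribute value: {value.text!r}")
            pairs.add((roles[0], principals[0]))
    return sorted(pairs)


def select_pair(pairs, role_arn=None):
    """Pick the only pair, or the one matching role_arn; otherwise the caller must prompt."""
    if role_arn is None and len(pairs) == 1:
        return pairs[0]
    for pair in pairs:
        if pair[0] == role_arn:
            return pair
    raise LookupError("choose one of: " + ", ".join(p[0] for p in pairs))


if __name__ == "__main__":
    for role, principal in extract_role_pairs(SAMPLE_B64):
        print(role, principal)
```

The selected pair supplies the role ARN and principal ARN for AssumeRoleWithSAML, with the same base64 response passed as the assertion. This parsing does not verify the assertion's signature.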