Update

.gitignore

@@ -0,0 +1,6 @@
+
+*.xml
+.vscode/
+aws_google_saml.egg-info/
+dist/
+__pycache__/

LICENCE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Benjamin Goldsmith
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,36 @@
+# Google SAML Auth
+
+This is a utility to obtain temporary Amazon Web Services (AWS) Security Token Service (STS) credentials for use on the local Command Line Interface (CLI).
+
+This is an enhancement on the popular [AWS Google Auth](https://github.com/cevoaustralia/aws-google-auth) application, which uses a requests library to authenticate to Google before authenticating to AWS via SAML.
+
+This application works similarly, however bypasses the need to authenticate into Google by using the user's existing Google web browser session to post the SAML assertion used for AWS authentication back to this application via local HTTP callback.
+
+## Getting Started
+
+This project relies on Python (specifically, we've only tested on `Python 3`). Please first install Python3 using Brew
+
+```sh
+brew install python
+```
+
+You'll then need to configure profiles to use in your `~/.aws/config` file. An example below:
+
+```
+
+[profile profile-name]
+region = ap-southeast-2
+account = 453559030913
+google_config.google_idp_id = C01g1l5do
+google_config.role_name = assumed-ins-tech-lead
+google_config.google_sp_id = 705835944086
+
+```
+
+### Running the application
+
+Ready? Start the app with the following command
+
+```sh
+python3 google-saml-auth.py --profile profile-name
+```

authed.html

@@ -0,0 +1,133 @@
+<html>
+  <head>
+    <script>
+      // Set the date we're counting down to
+      var countDownDate = new Date("__REPLACED_DATE_HERE__").getTime();
+
+      function countdown() {
+        // Get today's date and time
+        var now = new Date().getTime();
+
+        // Find the distance between now and the count down date
+        var distance = countDownDate - now;
+
+        // Time calculations for days, hours, minutes and seconds
+        var hours = Math.floor(
+          (distance % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60)
+        );
+        var minutes = Math.floor((distance % (1000 * 60 * 60)) / (1000 * 60));
+        var seconds = Math.floor((distance % (1000 * 60)) / 1000);
+
+        // Display the result in the element with id="demo"
+        document.getElementById("countdown").innerHTML =
+          hours + " hours " + minutes + " mins " + seconds + " seconds ";
+
+        // If the count down is finished, write some text
+        if (distance < 0) {
+          clearInterval(x);
+          document.getElementById("countdown").innerHTML = "EXPIRED";
+        }
+      }
+
+      window.onload = countdown;
+      // Update the count down every 1 second
+      var x = setInterval(countdown, 1000);
+    </script>
+    <style>
+      @import url("https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900");
+
+      body {
+        font-family: "Poppins", sans-serif;
+        background: #000;
+        text-align: center;
+      }
+
+      #container {
+        width: 100%;
+        position: absolute;
+        top: 40%;
+        transform: translate(0%, -40%);
+      }
+
+      .content h2 {
+        margin: 0;
+        color: #fff;
+        position: absolute;
+        font-size: 4em;
+        width: 100%;
+      }
+
+      .content h2:nth-child(1) {
+        color: transparent;
+        -webkit-text-stroke: 2px #03a9f4;
+      }
+
+      .content h2:nth-child(2) {
+        color: #03a9f4;
+        animation: animate 4s ease-in-out infinite;
+      }
+
+      #message {
+        margin-top: 100px;
+        position: absolute;
+        color: #fff;
+        width: 1000px;
+        line-height: 2.5em;
+      }
+
+      .grey {
+        color: #cacaca;
+      }
+
+      @keyframes animate {
+        0%,
+        100% {
+          color: #03a9f4;
+          clip-path: polygon(
+            0% 45%,
+            16% 44%,
+            33% 50%,
+            54% 60%,
+            70% 61%,
+            84% 59%,
+            100% 52%,
+            100% 100%,
+            0% 100%
+          );
+        }
+
+        50% {
+          color: #35b4ef;
+          clip-path: polygon(
+            0% 60%,
+            15% 65%,
+            34% 66%,
+            51% 62%,
+            67% 50%,
+            84% 45%,
+            100% 46%,
+            100% 100%,
+            0% 100%
+          );
+        }
+      }
+    </style>
+  </head>
+  <body>
+    <div id="container">
+      <div class="content">
+        <h2>You're&nbsp;Auth'ed</h2>
+        <h2>You're&nbsp;Auth'ed</h2>
+      </div>
+      <div id="message">
+        <span class="grey">into the </span>__REPLACED_PROFILE_NAME_HERE__<span
+          class="grey"
+        >
+          profile for the next </span
+        ><span id="countdown">X hours XX mins XX seconds</span>
+        <br />
+        <span class="grey">you can close this window now</span>
+      </div>
+    </div>
+  </body>
+</html>