Skip to content
/ aws-adfs-credential-generator Public
forked from pvanbuijtene/aws-adfs-credential-generator

Windows desktop utlity that generates an AWS Credential file with temporary credentials for ADFS users.

License

MIT license
0 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BenWolstencroft/aws-adfs-credential-generator

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
docs
docs
 
 
src
src
 
 
tools
tools
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.cake
build.cake
 
 
build.ps1
build.ps1
 
 
version.txt
version.txt
 
 

Repository files navigation

AWS-ADFS-Credential-Generator

Windows desktop application that generates an AWS Credential file with temporary credentials for ADFS users. Inspired by How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS this tool is designed for less technically inclined folk who need tooling/API access to AWS but are not CLI comfortable.

Downloads

Here is a screen shot with typical settings showing the profiles (aka 'Roles') for the given user:

screen_shot

Here is a screen shot of S3Browser using the generated credential file and one of the profiles:

screen_shot_s3browser

How it works

  1. Using the supplied domain credentials, it authenticates against the ASFS url provided using NTLM. The machine running this does not need to be on the domain.
  2. If authentication is successful, the SAMLResponse is extracted.
  3. All the Role attributes are extracted from the SAMLResponse.
  4. For each Role, temporary credentials are requested from AWS and written to $USERPROFILE/.aws/credentials-generated
  5. The temporary credentials are refreshed automatically every 50 minutes (the max lifetime for a AWS temporary credential is 60 minutes).
  6. CLI tooling / S3Browser etc should be configured to use $USERPROFILE/.aws/credentials-generated.

Settings

  • ADFS URL: The URL to your ADFS server for Identity Provider Initiated Sign On. Get this value from your friendly Administrator.
  • Login to RP: The AWS Relying Party name. This is configured in ADFS. Get this value from your friendly Administrator.
  • Use Crrent User: Authenticates with your logged in windows credentials. Use this if your machine & account is part of a domain.
  • Username, Password: Allows you to specify credentials to log in to ADFS. Use this if your machinc / account is NOT part of a domain, or you want to log in as someone else.
  • SAML Prioder Name: The Identity Provider Name, as configured in AWS IAM's "Identity Providers" section. Get this value from your friendly Administrator.
  • Profiles: The collection of Roles you can assume when logging into your AWS accound are written as "Credential Profiles". Use these values in CLI (i.e. AWS Powershell -ProfileName) or GUI tools (S3Browser above).

Contributing

This was hacked up on a Saturday night; not meant to be the prettiest. It is a winforms app with all the code in code-behind and zero tests; and that's fine, It Works. Pull requests are welcome, however, create an issue first.

About

Windows desktop utlity that generates an AWS Credential file with temporary credentials for ADFS users.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Languages

  • C# 76.9%
  • PowerShell 23.1%