This tool uses Puppeteer (https://github.com/GoogleChrome/puppeteer) to
intercept SAML logins to AWS and store the credentials in a credentials file.
samlogin was inspired heavily by the SAML to STS Keys extension
(https://github.com/prolane/samltoawsstskeys) by G.T.C. (Gerard) Laan.
- Install Node.js (tested on v8.11.4).
- Clone the project repository to your preferred location.
- Navigate to the project directory.
- Install the package dependencies with `yarn install` or `npm install`.
- Create your configuration file in the project directory.
Configuration is managed with a YAML file. samlogin will attempt to find the configuration file in the following paths (in order):
- An exact path specified by the `--config` parameter
- `%LOCALAPPDATA%\samlogin\config.yaml`
- `$XDG_CONFIG_HOME/samlogin/config.yaml`
- `$HOME/Library/Preferences/samlogin/config.yaml`
- `~/.samlogin.yaml`
The configuration file has the following keys:
- `AuthUrl` - The URL of your Identity Provider which accepts your credentials
- `AccountAliases` - A sequence of maps from account number to alias
- `DurationSeconds` - The number of seconds (less than the configured maximum session duration) for the session to be active
An example configuration:

```yaml
---
# Example Configuration File
AuthUrl: # The login URL of your IDP - E.g.:
         # https://accounts.google.com/o/saml2/init.sso?...
# Use "Prod" in place of 123456789012 and "Dev" in place of 210987654321 in the
# profile name.
AccountAliases:
  - AccountNumber: '123456789012'
    Alias: Prod
  - AccountNumber: '210987654321'
    Alias: Dev
DurationSeconds: 28800
```
```
samlogin [--config <path>]
```

Calling the command will launch an embedded instance of Chromium and navigate
to `AuthUrl`. Once you log in, your IDP will forward the browser to the AWS
SAML endpoint and the credentials will be intercepted and written to
`~/.aws/credentials`.
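The interception step above, as an added Node.js example that is not samlogin's own code: the form body the browser posts to the AWS SAML endpoint is decoded, the roles offered in the assertion are listed, and the `AccountAliases` mapping from the example configuration turns each account number into a profile name. The sample assertion, the alias table and the `<alias>-<role name>` profile format are assumptions for illustration.

```javascript
const ROLE_ATTR = 'https://aws.amazon.com/SAML/Attributes/Role';
// Constructed sample: a minimal assertion such as an IdP posts to the AWS SAML
// endpoint. Both orderings of the "role,provider" pair occur in practice.
const SAMPLE_XML = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
 <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:AttributeStatement>
  <saml:Attribute Name="${ROLE_ATTR}">
   <saml:AttributeValue>arn:aws:iam::123456789012:role/Admin,arn:aws:iam::123456789012:saml-provider/IdP</saml:AttributeValue>
   <saml:AttributeValue>arn:aws:iam::210987654321:saml-provider/IdP,arn:aws:iam::210987654321:role/ReadOnly</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>`;
// The browser sends the assertion base64-encoded inside a URL-encoded form body.
const SAMPLE_POST = 'SAMLResponse=' + encodeURIComponent(Buffer.from(SAMPLE_XML).toString('base64')) + '&RelayState=';
// AccountAliases block taken from the example configuration.
const ACCOUNT_ALIASES = [
  { AccountNumber: '123456789012', Alias: 'Prod' },
  { AccountNumber: '210987654321', Alias: 'Dev' },
];

// Decode the SAMLResponse field of an intercepted POST body back to XML.
function decodeSamlResponse(postData) {
  const b64 = new URLSearchParams(postData).get('SAMLResponse');
  if (!b64) throw new Error('POST body carries no SAMLResponse field');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Pull the Role attribute values out of the assertion. A regex suffices for this
// demo; a real implementation should use a proper XML parser.
function extractRolePairs(xml) {
  const attr = xml.match(new RegExp(`<(?:\\w+:)?Attribute[^>]*Name="${ROLE_ATTR}"[^>]*>([\\s\\S]*?)</(?:\\w+:)?Attribute>`));
  if (!attr) return [];
  return [...attr[1].matchAll(/<(?:\w+:)?AttributeValue[^>]*>([^<]*)</g)].map(v => {
    const [a, b] = v[1].split(',').map(s => s.trim());
    // Normalise so roleArn always holds the role, whichever order the IdP used.
    return a.includes(':role/') ? { roleArn: a, principalArn: b } : { roleArn: b, principalArn: a };
  });
}

// Derive the credentials-file profile name, substituting the configured alias
// for the account number when one exists (assumed format: "<alias>-<role name>").
function profileName(roleArn, aliases) {
  const m = roleArn.match(/^arn:aws:iam::(\d{12}):role\/(.+)$/);
  if (!m) throw new Error(`not a role ARN: ${roleArn}`);
  const entry = aliases.find(a => a.AccountNumber === m[1]);
  return `${entry ? entry.Alias : m[1]}-${m[2]}`;
}

// End-to-end: intercepted POST body -> one profile name per role offered by the IdP.
function profilesFromPost(postData, aliases) {
  return extractRolePairs(decodeSamlResponse(postData)).map(p => profileName(p.roleArn, aliases));
}
console.log(profilesFromPost(SAMPLE_POST, ACCOUNT_ALIASES)); // [ 'Prod-Admin', 'Dev-ReadOnly' ]
```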