aws-adfs

command module

v0.0.0-...-1cb2e9c Latest Latest Go to latest Published: Feb 22, 2016 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/wernerb/aws-adfs

Links

Open Source Insights

README ¶

AWS ADFS Smartcard

Golang cli tool that allows to fetch temporary STS AWS credentials using SAML from ADFS that requires pkcs11 (smartcards/hsm). The credentials are saved to ~/.aws/credentials and outputted to shell.

This project uses openssl, libcurl, engine_pkcs11, libp11 and hsa been tested with OSX, win32 support is to be expected soon.

Installation instructions (OSX)

Download the binary from github releases "aws-adfs" and put it in your path such as /usr/local/bin
brew install libp11 --HEAD
brew install engine_pkcs11 --HEAD
brew install curl --with-openssl

Configuration

Copy openssl.cnf.default to a folder such as ~/.aws/openssl.cnf
Edit the file to replace MODULE_PATH = PATH_TO_HSM_OR_SMARTCARD_DYLIB with the path to the dynamic library for your smart-card.
Execute cat /usr/local/etc/openssl/cert.pem > ~/.aws/smartcacert.pem
Append any CA certificates on your smart card (perhaps check your OSX Keychain) to that file.
Set configuration either in cli or in environmental variables by putting the following settings in ~/.zshrc or ~/.bashrc

export AWSADFS_IDPURL="https://sts.company.com:49443/adfs/ls/idpinitiatedsignon.aspx?loginToRp=urn:amazon:webservices"
export AWSADFS_USERNAME="myusername@company.com"
export AWSADFS_CAFILE="$HOME/.aws/smartcacert.pem"
export AWSADFS_OPENSSL_CONF="$HOME/.aws/openssl.cnf"
export AWSADFS_PROFILE="myprofile"

Usage instructions

Usage of aws-adfs:
  -c, --cacert string
    	path to CA file to use when connecting. alternatively, set AWSADFS_CAFILE
  -d, --debug
    	display debug info
  -i, --idp string
    	set adfs idp url. alternatively set AWSADFS_IDPURL. for example: https://sts.company.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=urn:amazon:webservices
  -o, --opensslconf string
    	path to openssl.cnf configuration with pkcs11 engine defined. alternatively, set AWSADFS_OPENSSL_CONF. uses system openssl.cnf as default.
  -p, --profile string
    	profile name in ~/.aws/credentials. If empty uses role-arn. alternatively, set AWSADFS_PROFILE
  -s, --save
    	save to aws/credentials (default true)
  -u, --username string
    	username to log in with. alternatively set AWSADFS_USERNAME; prompted by default

Compilation instructions

Execute:

CGO_LDFLAGS="-L/usr/local/opt/curl/lib -lcurl -lssl -lcrypto -lssl -lcrypto -lldap -lz" go install -a github.com/wernerb/aws-adfs

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

aws-adfs.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL