Skip to main content

SAML login for AWS using Shibboleth IDP

Project description

This Python package provides some helper functions to allow programmatic retrieval of temporary AWS credentials from STS (Security Token Service) when using federated login with Shibboleth IDP.

The implementation relies on HTML parsing of the Shibboleth redirect page (HTML form) and the AWS role selection page.

This package requires Python 3.4.

Installation

$ sudo pip3 install --upgrade aws-saml-login

Usage

from aws_saml_login import authenticate, assume_role, write_aws_credentials

# authenticate against identity provider
saml_xml, roles = authenticate('https://shibboleth-idp.example.org', user, password)

print(roles)

# just use the first role here, we might display a user dialog to choose one
first_role = roles[0]

provider_arn, role_arn, account_name = first_role

# get temporary AWS credentials
key_id, secret, session_token = assume_role(saml_xml, provider_arn, role_arn)

# write to ~/.aws/credentials
write_aws_credentials('default', key_id, secret, session_token)

# AWS SDK (e.g. boto) can be used to call AWS endpoints

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for aws-saml-login, version 0.3
Filename, size File type Python version Upload date Hashes
Filename, size aws-saml-login-0.3.tar.gz (5.9 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page