awslabs/awsprocesscreds

F5 SSO provider

Freedmont opened this issue · 2 comments

F5's implementation of SAML seems pretty straightforward.

With minor tweaks to my locally installed saml.py I was able to get it working. I'll see about submitting a PR if I get a chance to set up a development environment.

Supporting providers outside of ADFS and Okta is out of scope for the project right now. We want to make sure that we can test them against a live service, which is a fairly significant undertaking for most IDPs. That said, I'll leave this feature request open. If we get enough love for the feature request we can see about taking it on.

Thanks. Originally, I was using the scripts provided here: https://aws.amazon.com/blogs/security/how-to-implement-a-general-solution-for-federated-apicli-access-using-saml-2-0/ which work out of the box with our SAML provider, but I wanted to be able to tell my colleagues to use awsprocesscreds (since it had been mentioned in multiple talks at Re:Invent).

The ADFS3 code in that blog post was where I saw the comment "Some IdPs don't explicitly set a form action" that led to the fix I submitted to awsprocesscreds, so perhaps there are enough other Identity Providers out there (besides F5) that do not set a form action to justify putting this into the mainstream.
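
Added example, not part of the thread and not code from awsprocesscreds or the AWS blog post: one way a SAML login-form scraper can handle a form with no `action`, by falling back to the URL the page was fetched from, as a browser does. The function name, the sample pages and the same-host HTTPS check are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample pages (not captured from any real IdP).
PAGE_URL = "https://idp.example.com/sso/login"
NO_ACTION = '<form method="post"><input name="username"></form>'
RELATIVE = '<form method="post" action="/saml/login"></form>'
OFF_HOST = '<form method="post" action="https://other.example.net/x"></form>'


class _FormFinder(HTMLParser):
    """Collects the attributes of the first <form> on the page."""

    def __init__(self):
        super().__init__()
        self.form_attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "form" and self.form_attrs is None:
            self.form_attrs = dict(attrs)


def resolve_form_target(page_url, html):
    """Return the URL the login form should be POSTed to.

    A missing or empty action means "submit to the page's own URL".
    Relative actions are resolved against page_url. Assumption of this
    example: the target must be HTTPS on the same host as the login
    page, so credentials are never posted to another origin.
    """
    finder = _FormFinder()
    finder.feed(html)
    if finder.form_attrs is None:
        raise ValueError("no <form> found in login page")
    # A valueless attribute parses as None, so normalise to "".
    action = (finder.form_attrs.get("action") or "").strip()
    target = urljoin(page_url, action) if action else page_url
    page, dest = urlsplit(page_url), urlsplit(target)
    if dest.scheme != "https" or dest.netloc.lower() != page.netloc.lower():
        raise ValueError("refusing to post credentials to %s" % target)
    return target
```

An IdP that legitimately posts to a different host would need that host added to an explicit allow-list rather than having the check removed.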