-
Notifications
You must be signed in to change notification settings - Fork 179
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to login to google using the browser #225
base: master
Are you sure you want to change the base?
Conversation
Hi 👋 |
@ph-kpichou since making this MR, I've actually reworked the project into something quite different from the original, that only uses browser based login, if you are interested its now the main branch at https://github.com/ekreative/aws-saml-auth |
Thanks @mcfedr, I'll probably give it a try :) |
I'd be interested to know if someone else can make it work |
Actually, I'm not. I tried a bit this morning but with no success.
A browser tab opened, I can cannot to my Google account, then I can choose the account/role I want to use on AWS, and get logged to the console. This is the exact same process for me as when I want to log-in to the console using SAML. But on the CLI, nothing else happen. I just have the I guess I'm doing it correctly, but I don't know what is not working.
|
To use this version you need to add a new google workspace app - https://github.com/ekreative/aws-saml-auth/blob/main/README.rst#setup-aws-saml-and-google-workspace - this is so that the redirect goes to the cli http listener instead of that AWS choose account page. |
Oh sure, sorry I didn't read well. I'll try and tell you if it works :) Thanks ! |
This adds the possibility to not login to google on the cli, but instead go to the users browser and use his google session, and have it passed back to the cli.
It works by setting up a GSuite SAML app that doesnt send the user direct to aws, but instead to a server that is in the python app, this can then capture the SAML and use it to access AWS.