okta-awscli - Retrieve AWS credentials from Okta

Authenticates a user against Okta and then uses the resulting SAML assertion to retrieve temporary STS credentials from AWS.

This project is largely inspired by, but uses a purely API-driven approach instead of parsing HTML during the authentication phase. Parsing the HTML is still required to get the SAML assertion, after authentication is complete. However, since we only need to look for the SAML assertion in a single, predictable tag, `.

- YubiKey (Requires library python-u2flib-host)
- Per-application MFA support (added in version 0.4.0)

```
# You may be prompted for them, if they're not included here.
password = # Only save your password if you know what you are doing!
factor = # Current choices are: GOOGLE or OKTA
role = # AWS role name (match one of the options prompted for by "Please select the AWS role" when this parameter is not specified)
profile = # Sets your temporary credentials to a profile in. Overridden by --profile command line flag
app-link = # Found in Okta's configuration for your AWS account.
duration = 3600 # duration in seconds to request a session token for, make sure your accounts (both AWS itself and the associated okta application) allow for large durations.
```

Follow the prompts to enter MFA information (if required) and choose your AWS app and IAM role. Subsequent executions will first check if the STS credentials are still valid and skip Okta authentication if so. Multiple Okta profiles are supported, but if none are specified, then `default` will be used. Selections for AWS App and AWS Role are saved to the `~/.okta-aws` file.