[Cyberduck-trac] [Cyberduck] #11568: AWS SSO / Session Token Authentication with Cyberduck

Cyberduck trac at cyberduck.io
Fri Jan 29 19:46:00 UTC 2021


#11568: AWS SSO / Session Token Authentication with Cyberduck
----------------------------+-------------------
    Reporter:  benhouse     |      Owner:
        Type:  enhancement  |     Status:  new
    Priority:  normal       |  Milestone:
   Component:  sftp         |    Version:  7.8.2
    Severity:  normal       |   Keywords:
Architecture:               |   Platform:
----------------------------+-------------------
 Hello!

 I'm in the process of migrating from AWS IAM user / AssumeRole
 authentication to using the AWS Single Sign-On service. Cyberduck has
 worked great with the user/role auth, and I have a couple feature requests
 that I think would allow it to work with AWS SSO.

 For an Amazon S3 connection, add a field to enter an AWS Session Token
 directly, along with the access key id and secret access key.
 AWS SSO presents a nice copy/paste window for session credentials, and it
 would be easy for a user to copy/paste the values from "Option 3" (below)
 into Cyberduck when connecting. This is a screenshot of the AWS SSO login
 page that presents temporary credentials and how to use them.


 Another option would be to upgrade to aws java sdk v2 which
 [https://github.com/aws/aws-sdk-java-v2/pull/2118 supports the SSO
 credentials provider].
 There's an open issue for [https://github.com/aws/aws-sdk-java/issues/2434
 support in the aws java v1 sdk], but I'm not sure if it will be
 implemented.



 I'm supporting Cyberduck users that have limited text editor / terminal
 experience, so a workflow that relies on them making changes to
 ~/.aws/credentials to update their access keys / session token is
 cumbersome.

 Thank you! - Ben

--
Ticket URL: <https://trac.cyberduck.io/ticket/11568>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows


More information about the Cyberduck-trac mailing list