[Cyberduck-trac] [Cyberduck] #11568: AWS SSO / Session Token Authentication with Cyberduck
Cyberduck
trac at cyberduck.io
Fri Jan 29 19:46:00 UTC 2021
#11568: AWS SSO / Session Token Authentication with Cyberduck
----------------------------+-------------------
Reporter: benhouse | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: sftp | Version: 7.8.2
Severity: normal | Keywords:
Architecture: | Platform:
----------------------------+-------------------
Hello!
I'm in the process of migrating from AWS IAM user / AssumeRole
authentication to using the AWS Single Sign-On service. Cyberduck has
worked great with the user/role auth, and I have a couple feature requests
that I think would allow it to work with AWS SSO.
For an Amazon S3 connection, add a field to enter an AWS Session Token
directly, along with the access key id and secret access key.
AWS SSO presents a nice copy/paste window for session credentials, and it
would be easy for a user to copy/paste the values from "Option 3" (below)
into Cyberduck when connecting. This is a screenshot of the AWS SSO login
page that presents temporary credentials and how to use them.
Another option would be to upgrade to aws java sdk v2 which
[https://github.com/aws/aws-sdk-java-v2/pull/2118 supports the SSO
credentials provider].
There's an open issue for [https://github.com/aws/aws-sdk-java/issues/2434
support in the aws java v1 sdk], but I'm not sure if it will be
implemented.
I'm supporting Cyberduck users that have limited text editor / terminal
experience, so a workflow that relies on them making changes to
~/.aws/credentials to update their access keys / session token is
cumbersome.
Thank you! - Ben
--
Ticket URL: <https://trac.cyberduck.io/ticket/11568>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list