[Cyberduck-trac] [Cyberduck] #11568: AWS SSO / Session Token Authentication with Cyberduck

Cyberduck trac at cyberduck.io
Fri Jan 29 19:47:36 UTC 2021


#11568: AWS SSO / Session Token Authentication with Cyberduck
-------------------------+----------------------
 Reporter:  benhouse     |         Owner:
     Type:  enhancement  |        Status:  new
 Priority:  normal       |     Milestone:
Component:  sftp         |       Version:  7.8.2
 Severity:  normal       |    Resolution:
 Keywords:               |  Architecture:
 Platform:               |
-------------------------+----------------------
Description changed by benhouse:

Old description:

> Hello!
>
> I'm in the process of migrating from AWS IAM user / AssumeRole
> authentication to using the AWS Single Sign-On service. Cyberduck has
> worked great with the user/role auth, and I have a couple feature
> requests that I think would allow it to work with AWS SSO.
>
> For an Amazon S3 connection, add a field to enter an AWS Session Token
> directly, along with the access key id and secret access key.
> AWS SSO presents a nice copy/paste window for session credentials, and it
> would be easy for a user to copy/paste the values from "Option 3" (below)
> into Cyberduck when connecting. This is a screenshot of the AWS SSO login
> page that presents temporary credentials and how to use them.
>

> Another option would be to upgrade to aws java sdk v2 which
> [https://github.com/aws/aws-sdk-java-v2/pull/2118 supports the SSO
> credentials provider].
> There's an open issue for [https://github.com/aws/aws-sdk-
> java/issues/2434 support in the aws java v1 sdk], but I'm not sure if it
> will be implemented.
>

>
> I'm supporting Cyberduck users that have limited text editor / terminal
> experience, so a workflow that relies on them making changes to
> ~/.aws/credentials to update their access keys / session token is
> cumbersome.
>
> Thank you! - Ben

New description:

 Hello!

 I'm in the process of migrating from AWS IAM user / AssumeRole
 authentication to using the AWS Single Sign-On service. Cyberduck has
 worked great with the user/role auth, and I have a couple feature requests
 that I think would allow it to work with AWS SSO.

 For an Amazon S3 connection, add a field to enter an AWS Session Token
 directly, along with the access key id and secret access key.
 AWS SSO presents a nice copy/paste window for session credentials, and it
 would be easy for a user to copy/paste the values from "Option 3" (below)
 into Cyberduck when connecting. This is a screenshot of the AWS SSO login
 page that presents temporary credentials and how to use them.
 [[Image(SSO.png)]]


 Another option would be to upgrade to aws java sdk v2 which
 [https://github.com/aws/aws-sdk-java-v2/pull/2118 supports the SSO
 credentials provider].
 There's an open issue for [https://github.com/aws/aws-sdk-java/issues/2434
 support in the aws java v1 sdk], but I'm not sure if it will be
 implemented.



 I'm supporting Cyberduck users that have limited text editor / terminal
 experience, so a workflow that relies on them making changes to
 ~/.aws/credentials to update their access keys / session token is
 cumbersome.

 Thank you! - Ben

--

--
Ticket URL: <https://trac.cyberduck.io/ticket/11568#comment:1>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows


More information about the Cyberduck-trac mailing list