[Cyberduck-trac] [Cyberduck] #11568: AWS SSO / Session Token Authentication with Cyberduck
Cyberduck
trac at cyberduck.io
Fri Jan 29 19:47:36 UTC 2021
#11568: AWS SSO / Session Token Authentication with Cyberduck
-------------------------+----------------------
Reporter: benhouse | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: sftp | Version: 7.8.2
Severity: normal | Resolution:
Keywords: | Architecture:
Platform: |
-------------------------+----------------------
Description changed by benhouse:
Old description:
> Hello!
>
> I'm in the process of migrating from AWS IAM user / AssumeRole
> authentication to using the AWS Single Sign-On service. Cyberduck has
> worked great with the user/role auth, and I have a couple feature
> requests that I think would allow it to work with AWS SSO.
>
> For an Amazon S3 connection, add a field to enter an AWS Session Token
> directly, along with the access key id and secret access key.
> AWS SSO presents a nice copy/paste window for session credentials, and it
> would be easy for a user to copy/paste the values from "Option 3" (below)
> into Cyberduck when connecting. This is a screenshot of the AWS SSO login
> page that presents temporary credentials and how to use them.
>
> Another option would be to upgrade to aws java sdk v2 which
> [https://github.com/aws/aws-sdk-java-v2/pull/2118 supports the SSO
> credentials provider].
> There's an open issue for [https://github.com/aws/aws-sdk-
> java/issues/2434 support in the aws java v1 sdk], but I'm not sure if it
> will be implemented.
>
>
> I'm supporting Cyberduck users that have limited text editor / terminal
> experience, so a workflow that relies on them making changes to
> ~/.aws/credentials to update their access keys / session token is
> cumbersome.
>
> Thank you! - Ben
New description:
Hello!
I'm in the process of migrating from AWS IAM user / AssumeRole
authentication to using the AWS Single Sign-On service. Cyberduck has
worked great with the user/role auth, and I have a couple feature requests
that I think would allow it to work with AWS SSO.
For an Amazon S3 connection, add a field to enter an AWS Session Token
directly, along with the access key id and secret access key.
AWS SSO presents a nice copy/paste window for session credentials, and it
would be easy for a user to copy/paste the values from "Option 3" (below)
into Cyberduck when connecting. This is a screenshot of the AWS SSO login
page that presents temporary credentials and how to use them.
[[Image(SSO.png)]]
Another option would be to upgrade to aws java sdk v2 which
[https://github.com/aws/aws-sdk-java-v2/pull/2118 supports the SSO
credentials provider].
There's an open issue for [https://github.com/aws/aws-sdk-java/issues/2434
support in the aws java v1 sdk], but I'm not sure if it will be
implemented.
I'm supporting Cyberduck users that have limited text editor / terminal
experience, so a workflow that relies on them making changes to
~/.aws/credentials to update their access keys / session token is
cumbersome.
Thank you! - Ben
--
--
Ticket URL: <https://trac.cyberduck.io/ticket/11568#comment:1>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list