Beispiel #1
        /// <summary>
        /// Checks that an endpoint registered with the manager can be fetched again by name.
        /// </summary>
        /// <remarks>
        /// Only a non-null result is asserted. The returned endpoint's URI and authentication
        /// type are not compared with the values that were registered.
        /// </remarks>
        public void GetEndpointExists()
        {
            // Arrange: store the fixture endpoint.
            manager.RegisterEndpoint(DefaultAuthSamlEndpoint);

            // Act: presumably EndpointName is the name the fixture endpoint was created with
            // (confirm against the fixture definition).
            var lookedUp = manager.GetEndpoint(EndpointName);

            // Assert
            Assert.IsNotNull(lookedUp);
        }
Beispiel #2
        /// <summary>
        /// Creates a FederatedAWSCredentials instance for a SAML endpoint and role. The constructor
        /// validates its arguments and assigns them to properties; call GetCredentials afterwards
        /// to authenticate the user/process and obtain temporary AWS credentials.
        /// </summary>
        /// <param name="samlEndpoint">The SAML endpoint used for authentication. Must not be null.</param>
        /// <param name="roleArn">The role ARN used for authentication. Must not be null or empty.</param>
        /// <param name="options">The options used for authentication. Must not be null.
        /// See <see cref="FederatedAWSCredentialsOptions"/> for details about available options.</param>
        /// <exception cref="ArgumentException"><paramref name="roleArn"/> is null or empty.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> or
        /// <paramref name="samlEndpoint"/> is null.</exception>
        public FederatedAWSCredentials(SAMLEndpoint samlEndpoint, string roleArn,
                                       FederatedAWSCredentialsOptions options)
        {
            // roleArn is validated first. IsNullOrEmpty lets a whitespace-only string through,
            // and the ARN format itself is not checked here.
            if (string.IsNullOrEmpty(roleArn))
            {
                throw new ArgumentException("RoleArn must not be null or empty.");
            }

            // Each remaining argument is checked immediately before it is stored, so the
            // order of checks and assignments stays options first, samlEndpoint second.
            if (options is null)
            {
                throw new ArgumentNullException(nameof(options));
            }
            Options = options;

            if (samlEndpoint is null)
            {
                throw new ArgumentNullException(nameof(samlEndpoint));
            }
            SAMLEndpoint = samlEndpoint;

            RoleArn = roleArn;

            // Start from the class default for the pre-expiry window.
            PreemptExpiryTime = DefaultPreemptExpiryTime;
        }
Beispiel #3
        /// <summary>
        /// Builds AWS credentials from a SAML role profile named "example_profile", creating and
        /// storing that profile in the default SDK credential file when it does not exist yet.
        /// </summary>
        /// <remarks>
        /// The SAML endpoint is registered on every call. A profile that is already stored is used
        /// as found: its endpoint name and RoleArn are not compared with the values built here, so
        /// a stale or modified profile of the same name is what the factory receives.
        /// </remarks>
        /// <returns>The credentials that AWSCredentialsFactory produces for the profile.</returns>
        private AWSCredentials GetCredentials()
        {
            const string profileName  = "example_profile";
            const string endpointName = profileName + "_endpoint";

            // The host is a placeholder. The URL is https as written; keep it that way when
            // substituting a real host, since this is the identity provider sign-on page.
            const string samlEndpointUrl = "https://<adfs host>/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices";

            // Register the SAML endpoint that the profile refers to by name.
            // Negotiate is requested, and no user name or password is supplied in this method.
            var endpointManager = new SAMLEndpointManager();
            endpointManager.RegisterEndpoint(
                new SAMLEndpoint(endpointName, new Uri(samlEndpointUrl), SAMLAuthenticationType.Negotiate));

            // Default credential file; a targeted file could be substituted here.
            var netSdkFile = new NetSDKCredentialsFile();

            // Reuse the stored profile when there is one, otherwise create and persist it.
            if (!netSdkFile.TryGetProfile(profileName, out CredentialProfile profile))
            {
                var profileOptions = new CredentialProfileOptions
                {
                    EndpointName = endpointName,

                    // RoleArn is a comma-separated pair here: the principal ARN (the ARN of the
                    // identity provider) followed by the ARN of the role. The AWS documentation
                    // the original author read only showed the role ARN.
                    RoleArn = $"{principleArn},{roleArn}"
                };

                profile = new CredentialProfile(profileName, profileOptions)
                {
                    Region = RegionEndpoint.USEast1
                };

                // Persist the new profile so that later calls find it.
                netSdkFile.RegisterProfile(profile);
            }

            return AWSCredentialsFactory.GetAWSCredentials(profile, netSdkFile);
        }
        /// <summary>
        /// Builds a SAML endpoint from the StoreAs and Endpoint values, plus AuthenticationType when
        /// that parameter was bound, registers it, and passes StoreAs to WriteObject.
        /// </summary>
        protected override void ProcessRecord()
        {
            base.ProcessRecord();

            var endpointManager = new SAMLEndpointManager();

            // NOTE(review): Enum.Parse is case-sensitive in this overload and also accepts numeric
            // strings, which can yield a value that is not a named SAMLAuthenticationType member.
            // Confirm that the parameter declaration restricts the accepted values.
            // NOTE(review): nothing in this method checks the scheme of Endpoint; confirm that
            // https is enforced elsewhere.
            SAMLEndpoint endpoint = ParameterWasBound("AuthenticationType")
                ? new SAMLEndpoint(
                    StoreAs,
                    Endpoint,
                    (SAMLAuthenticationType)Enum.Parse(typeof(SAMLAuthenticationType), AuthenticationType))
                : new SAMLEndpoint(StoreAs, Endpoint);

            endpointManager.RegisterEndpoint(endpoint);

            // Emit the name the endpoint was stored under.
            WriteObject(StoreAs);
        }
Beispiel #5
 /// <summary>
 /// Constructs an instance of FederatedAWSCredentials. After construction call GetCredentials
 /// to authenticate the user/process and obtain temporary AWS credentials.
 /// </summary>
 /// <remarks>
 /// Delegates to the three-argument constructor, passing a newly created
 /// FederatedAWSCredentialsOptions on which no properties are set here.
 /// </remarks>
 /// <param name="samlEndpoint">The SAML endpoint used for authentication.</param>
 /// <param name="roleArn">The role ARN used for authentication.</param>
 public FederatedAWSCredentials(SAMLEndpoint samlEndpoint, string roleArn)
     : this(samlEndpoint, roleArn, new FederatedAWSCredentialsOptions())
 {
 }