コード例 #1
        /// <summary>
        /// Stores the given SAML credentials as a named role session in the settings manager.
        /// </summary>
        /// <param name="roleSessionName">Name under which the session object is registered.</param>
        /// <param name="credentials">Credentials to serialize to JSON and store.</param>
        public void RegisterRoleSession(string roleSessionName, SAMLImmutableCredentials credentials)
        {
            // NOTE(review): the JSON presumably carries the secret key and session token, so the
            // confidentiality of the session depends on how settingsManager persists the object -
            // confirm that the backing store is encrypted and readable only by the current user.
            var serializedSession = credentials.ToJson();

            var sessionProperties = new Dictionary<string, string>();
            sessionProperties.Add(SettingsConstants.RoleSession, serializedSession);

            settingsManager.RegisterObject(roleSessionName, sessionProperties);
        }
コード例 #2
        /// <summary>
        /// Registers a role session that expires one day from now, then checks that
        /// FederatedAWSCredentials created for the same endpoint and role returns
        /// credentials equal to the registered ones.
        /// </summary>
        public void GetCredentialsSessionCached()
        {
            // The session name is built as "<endpoint name>,<role ARN>,".
            // NOTE(review): the empty trailing segment presumably stands for a user identity that
            // is absent in this test - confirm against the code that composes session names.
            var cachedSessionName = string.Concat(SomeSAMLEndpoint.Name, ",", RoleArn, ",");
            var expiresAt = DateTime.UtcNow.AddDays(1);
            var cachedCredentials = new SAMLImmutableCredentials(AccessKeyID, SecretAccessKey, Token, expiresAt, Subject);
            sessionManager.RegisterRoleSession(cachedSessionName, cachedCredentials);

            var federatedCredentials = new FederatedAWSCredentials(SomeSAMLEndpoint, RoleArn);
            var resolvedCredentials = federatedCredentials.GetCredentials();

            AssertSAMLImmutableCredentials(cachedCredentials, resolvedCredentials);
        }
コード例 #3
        /// <summary>
        /// Asserts that <paramref name="actual"/> is a SAMLImmutableCredentials instance whose
        /// access key, expiry (compared to the second), secret key, token and subject match
        /// <paramref name="expected"/>.
        /// </summary>
        /// <param name="expected">The credentials the test registered.</param>
        /// <param name="actual">The credentials returned by the code under test.</param>
        private static void AssertSAMLImmutableCredentials(SAMLImmutableCredentials expected, ImmutableCredentials actual)
        {
            // A failed "as" cast yields null, so the IsNotNull check below also verifies the type.
            SAMLImmutableCredentials samlActual = actual as SAMLImmutableCredentials;
            Assert.IsNotNull(samlActual);

            // A failing equality assertion typically echoes both values into the test output,
            // so this helper should only ever see dummy key material.
            Assert.AreEqual(expected.AccessKey, samlActual.AccessKey);
            AssertExtensions.AssertDateTimesAreEqualToTheSecond(expected.Expires, samlActual.Expires);
            Assert.AreEqual(expected.SecretKey, samlActual.SecretKey);
            Assert.AreEqual(expected.Token, samlActual.Token);
            Assert.AreEqual(expected.Subject, samlActual.Subject);
        }
コード例 #4
        /// <summary>
        /// Test setup: creates the encrypted-store fixture and the role session manager, then
        /// prepares one credentials object expiring tomorrow and one that expired yesterday.
        /// </summary>
        public void InitializeTest()
        {
            fixture = new EncryptedStoreTestFixture(RoleSessionsFilename);
            manager = new SAMLRoleSessionManager();

            // The expiration is only stored to the second in our JSON, so the sub-second
            // ticks are dropped here. AddTicks keeps the UTC kind of the source value.
            DateTime utcNow = DateTime.UtcNow;
            nowToTheSecond = utcNow.AddTicks(-(utcNow.Ticks % TimeSpan.TicksPerSecond));

            TimeSpan oneDay = TimeSpan.FromDays(1);
            yesterday = nowToTheSecond - oneDay;
            tomorrow = nowToTheSecond + oneDay;

            // Placeholder strings only; no real key material is used in these tests.
            samlCredentials = new SAMLImmutableCredentials("AccessKey", "SecretKey", "Token", tomorrow, "Subject");
            expiredSamlCredentials = new SAMLImmutableCredentials("AccessKey", "SecretKey", "Token", yesterday, "Subject");
        }
コード例 #5
        /// <summary>
        /// Attempt to read a role session with the given name.
        /// A session that cannot be loaded from its stored JSON is logged and not returned.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no expiry check is visible in this method. If expired sessions are
        /// meant to be rejected, that has to happen inside SAMLImmutableCredentials.FromJson
        /// or in the caller - confirm before relying on it.
        /// </remarks>
        /// <param name="roleSessionName">The name of the role session to get.</param>
        /// <param name="credentials">The credentials for the session, or null when none could be loaded.</param>
        /// <returns>True if credentials were loaded, false otherwise.</returns>
        public bool TryGetRoleSession(string roleSessionName, out SAMLImmutableCredentials credentials)
        {
            credentials = null;

            Dictionary<string, string> storedProperties;
            if (!settingsManager.TryGetObject(roleSessionName, out storedProperties))
            {
                return false;
            }

            try
            {
                string serializedSession = storedProperties[SettingsConstants.RoleSession];
                credentials = SAMLImmutableCredentials.FromJson(serializedSession);
            }
            catch (Exception loadError)
            {
                // Best effort: a missing key or an unreadable entry is reported, not rethrown.
                // NOTE(review): confirm that exceptions raised by FromJson never embed the stored
                // JSON, because the exception is written to the log together with the session name.
                Logger.GetLogger(typeof(SAMLRoleSessionManager)).Error(loadError, "Unable to load SAML role session '{0}'.", roleSessionName);
            }

            return credentials != null;
        }
        SAMLImmutableCredentials ICoreAmazonSTS_SAML.CredentialsFromSAMLAuthentication(
#else
        SAMLImmutableCredentials ICoreAmazonSTS.CredentialsFromSAMLAuthentication(