/// <summary>
/// Authenticates the user against a SAML identity provider endpoint and exchanges the
/// returned assertion for role credentials, using this client for the exchange.
/// </summary>
/// <param name="endpoint">Identity provider endpoint handed to the authentication controller.
/// This method does not validate the value; the caller is responsible for supplying a trusted endpoint,
/// because <paramref name="userCredential"/> is forwarded to it.</param>
/// <param name="authenticationType">Authentication scheme passed through to the controller.</param>
/// <param name="roleARN">Role to request credentials for.</param>
/// <param name="credentialDuration">Requested lifetime of the generated credentials.</param>
/// <param name="userCredential">User identity presented to the identity provider.</param>
/// <returns>The credentials produced by <c>SAMLAssertion.GetRoleCredentials</c>.</returns>
/// <exception cref="FederatedAuthenticationFailureException">Any failure while obtaining the SAML assertion.</exception>
/// <exception cref="AmazonClientException">Any failure while turning the assertion into role credentials.</exception>
SAMLImmutableCredentials ICoreAmazonSTS.CredentialsFromSAMLAuthentication(
    string endpoint,
    string authenticationType,
    string roleARN,
    TimeSpan credentialDuration,
    ICredentials userCredential)
{
    SAMLAssertion samlAssertion;

    // Phase 1: authenticate against the identity provider. The controller is given the
    // proxy configured on this client, so the authentication request goes through it.
    try
    {
        var proxy = Config.GetWebProxy();
        var controller = new SAMLAuthenticationController(proxy);
        samlAssertion = controller.GetSAMLAssertion(endpoint, userCredential, authenticationType);
    }
    catch (Exception authFailure)
    {
        // Every failure in this phase is reported as an authentication failure; the
        // original exception travels along as the inner exception.
        // NOTE(review): the inner exception may carry identity-provider response details;
        // confirm callers do not surface it to untrusted parties.
        throw new FederatedAuthenticationFailureException("Authentication failure, unable to obtain SAML assertion.", authFailure);
    }

    // Phase 2: exchange the assertion for role credentials. Kept in a separate try block
    // so that a failure here is distinguishable from a failed sign-in.
    try
    {
        return samlAssertion.GetRoleCredentials(this, roleARN, credentialDuration);
    }
    catch (Exception exchangeFailure)
    {
        throw new AmazonClientException("Credential generation failed following successful authentication.", exchangeFailure);
    }
}
/// <summary>
/// Signs in to the profile's SAML endpoint with the supplied user identity and converts the
/// resulting assertion into a refresh state holding role credentials.
/// </summary>
/// <param name="userCredential">User identity presented to the profile's endpoint.</param>
/// <param name="credentialDuration">Requested credential lifetime; also used to compute the local expiry.</param>
/// <returns>The new credentials paired with an expiry of "now (UTC) + <paramref name="credentialDuration"/>".</returns>
/// <exception cref="AuthenticationFailedException">Any failure while obtaining the SAML assertion.</exception>
/// <exception cref="AmazonClientException">Any failure while generating credentials; this one is logged before it is thrown.</exception>
private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
{
    // Resolve the STS region before any network activity: an explicitly configured
    // region wins, otherwise the class default is used.
    var regionName = AWSConfigs.AWSRegion;
    var stsRegion = !string.IsNullOrEmpty(regionName)
        ? RegionEndpoint.GetBySystemName(regionName)
        : DefaultSTSClientRegion;

    SAMLAssertion samlAssertion;
    try
    {
        // The controller is built with its parameterless constructor, so no proxy is
        // passed in from here.
        var controller = new SAMLAuthenticationController();
        samlAssertion = controller.GetSAMLAssertion(
            ProfileData.EndpointSettings.Endpoint.ToString(),
            userCredential,
            ProfileData.EndpointSettings.AuthenticationType);
    }
    catch (Exception authFailure)
    {
        // Not logged here, unlike the credential-generation failure below.
        throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", authFailure);
    }

    try
    {
        // The STS client carries anonymous credentials; presumably the assertion itself
        // authorises the request (confirm against GetRoleCredentials).
        using (var sts = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), stsRegion))
        {
            var roleCredentials = samlAssertion.GetRoleCredentials(sts, ProfileData.RoleArn, credentialDuration);

            // NOTE(review): the expiry is computed locally after the call returns, from the
            // requested duration. If the issued credentials expire sooner than requested,
            // this value would be later than the real expiry; confirm.
            return new CredentialsRefreshState(roleCredentials, DateTime.UtcNow.Add(credentialDuration));
        }
    }
    catch (Exception generationFailure)
    {
        var failure = new AmazonClientException("Credential generation failed following successful authentication.", generationFailure);

        // The wrapper, including its inner exception, goes to the log before being thrown.
        Logger.GetLogger(typeof(StoredProfileSAMLCredentials)).Error(failure, failure.Message);
        throw failure;
    }
}
/// <summary>
/// Obtains a SAML assertion for the stored profile's endpoint and trades it for role
/// credentials, returned together with a locally computed expiry.
/// </summary>
/// <param name="userCredential">User identity forwarded to the profile's endpoint.</param>
/// <param name="credentialDuration">Lifetime requested for the credentials and added to the current UTC time for the expiry.</param>
/// <returns>A refresh state wrapping the generated credentials and their computed expiry.</returns>
/// <exception cref="AuthenticationFailedException">The SAML assertion could not be obtained, whatever the cause.</exception>
/// <exception cref="AmazonClientException">Credentials could not be generated from the assertion; logged as an error first.</exception>
private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
{
    CredentialsRefreshState refreshed;
    SAMLAssertion idpAssertion;

    // Region selection happens first and outside both try blocks, so a bad region name
    // surfaces as whatever GetBySystemName raises rather than as one of the wrapped exceptions.
    var regionSetting = AWSConfigs.AWSRegion;
    var targetRegion = string.IsNullOrEmpty(regionSetting)
        ? DefaultSTSClientRegion
        : RegionEndpoint.GetBySystemName(regionSetting);

    // Step 1: authentication. The endpoint and scheme come from the stored profile and are
    // not checked in this method, while the identity comes from the caller.
    try
    {
        var samlController = new SAMLAuthenticationController();
        idpAssertion = samlController.GetSAMLAssertion(
            ProfileData.EndpointSettings.Endpoint.ToString(),
            userCredential,
            ProfileData.EndpointSettings.AuthenticationType);
    }
    catch (Exception cause)
    {
        throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", cause);
    }

    // Step 2: credential generation through a short-lived STS client that is disposed as
    // soon as the exchange completes.
    try
    {
        using (var tokenService = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), targetRegion))
        {
            var issued = idpAssertion.GetRoleCredentials(tokenService, ProfileData.RoleArn, credentialDuration);

            // NOTE(review): the expiry is derived from the requested duration and the local
            // clock, not read from the issued credentials; verify that it cannot outlive
            // the credentials' real expiry.
            var expiresAt = DateTime.UtcNow + credentialDuration;
            refreshed = new CredentialsRefreshState(issued, expiresAt);
        }
    }
    catch (Exception cause)
    {
        var clientError = new AmazonClientException("Credential generation failed following successful authentication.", cause);

        // Only this failure path writes to the log; the wrapper is logged with its message
        // and then thrown to the caller.
        var log = Logger.GetLogger(typeof(StoredProfileSAMLCredentials));
        log.Error(clientError, clientError.Message);
        throw clientError;
    }

    return refreshed;
}