SAMLImmutableCredentials ICoreAmazonSTS.CredentialsFromSAMLAuthentication(string endpoint,
string authenticationType,
string roleARN,
TimeSpan credentialDuration,
ICredentials userCredential)
{
SAMLAssertion assertion;
try
{
var authController = new SAMLAuthenticationController(Config.GetWebProxy());
assertion = authController.GetSAMLAssertion(endpoint, userCredential, authenticationType);
}
catch (Exception e)
{
throw new FederatedAuthenticationFailureException("Authentication failure, unable to obtain SAML assertion.", e);
}
try
{
return assertion.GetRoleCredentials(this, roleARN, credentialDuration);
}
catch (Exception e)
{
throw new AmazonClientException("Credential generation failed following successful authentication.", e);
}
}
private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
{
CredentialsRefreshState state;
SAMLAssertion assertion;
var configuredRegion = AWSConfigs.AWSRegion;
var region = string.IsNullOrEmpty(configuredRegion)
? DefaultSTSClientRegion
: RegionEndpoint.GetBySystemName(configuredRegion);
try
{
assertion = new SAMLAuthenticationController().GetSAMLAssertion(ProfileData.EndpointSettings.Endpoint.ToString(),
userCredential,
ProfileData.EndpointSettings.AuthenticationType);
}
catch (Exception e)
{
throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", e);
}
try
{
using (var stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), region))
{
var credentials = assertion.GetRoleCredentials(stsClient, ProfileData.RoleArn, credentialDuration);
state = new CredentialsRefreshState(credentials, DateTime.UtcNow + credentialDuration);
}
}
catch (Exception e)
{
var wrappedException = new AmazonClientException("Credential generation failed following successful authentication.", e);
var logger = Logger.GetLogger(typeof(StoredProfileSAMLCredentials));
logger.Error(wrappedException, wrappedException.Message);
throw wrappedException;
}
return(state);
}
private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
{
CredentialsRefreshState state;
SAMLAssertion assertion;
var configuredRegion = AWSConfigs.AWSRegion;
var region = string.IsNullOrEmpty(configuredRegion)
? DefaultSTSClientRegion
: RegionEndpoint.GetBySystemName(configuredRegion);
try
{
assertion = new SAMLAuthenticationController().GetSAMLAssertion(ProfileData.EndpointSettings.Endpoint.ToString(),
userCredential,
ProfileData.EndpointSettings.AuthenticationType);
}
catch (Exception e)
{
throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", e);
}
try
{
using (var stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), region))
{
var credentials = assertion.GetRoleCredentials(stsClient, ProfileData.RoleArn, credentialDuration);
state = new CredentialsRefreshState(credentials, DateTime.UtcNow + credentialDuration);
}
}
catch (Exception e)
{
var wrappedException = new AmazonClientException("Credential generation failed following successful authentication.", e);
var logger = Logger.GetLogger(typeof(StoredProfileSAMLCredentials));
logger.Error(wrappedException, wrappedException.Message);
throw wrappedException;
}
return state;
}