SAMLImmutableCredentials ICoreAmazonSTS.CredentialsFromSAMLAuthentication( #endif string endpoint, string authenticationType, string roleARN, TimeSpan credentialDuration, ICredentials userCredential) { SAMLAssertion assertion; try { var authController = new SAMLAuthenticationController(Config.GetWebProxy()); assertion = authController.GetSAMLAssertion(endpoint, userCredential, authenticationType); } catch (Exception e) { throw new FederatedAuthenticationFailureException("Authentication failure, unable to obtain SAML assertion.", e); } try { return(assertion.GetRoleCredentials(this, roleARN, credentialDuration)); } catch (Exception e) { throw new AmazonClientException("Credential generation failed following successful authentication.", e); } }
protected override void ProcessRecord() { try { string selectedRoleARN = null; NetworkCredential networkCredential = null; if (this.NetworkCredential != null) { networkCredential = this.NetworkCredential.GetNetworkCredential(); } var havePrincipal = ParameterWasBound("PrincipalARN"); var haveRole = ParameterWasBound("RoleARN"); if (havePrincipal != haveRole) { ThrowExecutionError("RoleARN must be specified with PrincipalARN.", this); } if (havePrincipal && haveRole) { selectedRoleARN = string.Concat(PrincipalARN, ",", RoleARN); } WriteVerbose("Authenticating with endpoint to verify role data..."); var samlEndpoint = (new SAMLEndpointManager()).GetEndpoint(EndpointName); var authenticationController = new SAMLAuthenticationController(); var samlAssertion = authenticationController.GetSAMLAssertion(samlEndpoint.EndpointUri.ToString(), networkCredential, samlEndpoint.AuthenticationType.ToString()); RegionEndpoint stsRegionEndpoint = null; if (!string.IsNullOrEmpty(STSEndpointRegion)) { stsRegionEndpoint = RegionEndpoint.GetBySystemName(STSEndpointRegion); } if (StoreAllRoles) { string domainUser = null; if (networkCredential != null) { // some credentials are entered in email format, so do not assume a domain // was present if (string.IsNullOrEmpty(networkCredential.Domain)) { domainUser = networkCredential.UserName; } else { domainUser = string.Format(@"{0}\{1}", networkCredential.Domain, networkCredential.UserName); } } var availableRoles = samlAssertion.RoleSet; foreach (var roleName in availableRoles.Keys) { selectedRoleARN = availableRoles[roleName]; WriteVerbose(string.Format("Saving role '{0}' to profile '{1}'.", selectedRoleARN, roleName)); var options = new CredentialProfileOptions() { EndpointName = EndpointName, RoleArn = selectedRoleARN, UserIdentity = domainUser }; SettingsStore.RegisterProfile(options, roleName, null, stsRegionEndpoint); WriteObject(roleName); } } else { var profileName = SelectAndStoreProfileForRole(samlAssertion.RoleSet, selectedRoleARN, networkCredential, stsRegionEndpoint); WriteObject(profileName); } } catch (Exception e) { this.ThrowTerminatingError(new ErrorRecord(new ArgumentException("Unable to set credentials: " + e.Message, e), "ArgumentException", ErrorCategory.InvalidArgument, this)); } }