/// <summary>
/// Authenticates <paramref name="userCredential"/> against the profile's SAML endpoint and exchanges
/// the result for temporary role credentials through an STS client created with anonymous credentials.
/// </summary>
/// <param name="userCredential">Credentials presented to the SAML endpoint.</param>
/// <param name="credentialDuration">Requested lifetime of the temporary credentials.</param>
/// <returns>Refresh state holding the new credentials and the expiry they report.</returns>
/// <exception cref="InvalidOperationException">The STS assembly could not be loaded or its client could not be created.</exception>
/// <exception cref="AmazonClientException">SAML authentication or the credential exchange failed; logged before rethrow.</exception>
private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
{
    // Region precedence: the profile's own region, then the global AWSConfigs region, then the default STS region.
    var regionName = ProfileData.Region;
    if (string.IsNullOrEmpty(regionName))
    {
        regionName = AWSConfigs.AWSRegion;
    }
    RegionEndpoint stsRegion = DefaultSTSClientRegion;
    if (!string.IsNullOrEmpty(regionName))
    {
        stsRegion = RegionEndpoint.GetBySystemName(regionName);
    }

    ICoreAmazonSTS stsClient = null;
    try
    {
        var stsConfig = ServiceClientHelpers.CreateServiceConfig(
            ServiceClientHelpers.STS_ASSEMBLY_NAME,
            ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
        stsConfig.RegionEndpoint = stsRegion;
        if (_proxySettings != null)
        {
            stsConfig.SetWebProxy(_proxySettings);
        }
        // The STS client itself carries no AWS credentials; the SAML exchange performed inside
        // CredentialsFromSAMLAuthentication presumably authorizes the call.
        stsClient = ServiceClientHelpers.CreateServiceFromAssembly<ICoreAmazonSTS>(
            ServiceClientHelpers.STS_ASSEMBLY_NAME,
            ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
            new AnonymousAWSCredentials(),
            stsConfig);
    }
    catch (Exception e)
    {
        // Any failure while locating/constructing the STS client is surfaced as a configuration problem.
        throw new InvalidOperationException(
            string.Format(CultureInfo.CurrentCulture,
                "Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
                ServiceClientHelpers.STS_ASSEMBLY_NAME),
            e);
    }

    try
    {
        var samlCredentials = stsClient.CredentialsFromSAMLAuthentication(
            ProfileData.EndpointSettings.Endpoint.ToString(),
            ProfileData.EndpointSettings.AuthenticationType,
            ProfileData.RoleArn,
            credentialDuration,
            userCredential);
        // NOTE(review): the fresh credentials are handed to the profile store before being returned;
        // what PersistSession does with them is not visible here — confirm the backing store protects them at rest.
        ProfileData.PersistSession(samlCredentials);
        return new CredentialsRefreshState(samlCredentials, samlCredentials.Expires);
    }
    catch (Exception e)
    {
        var wrapped = new AmazonClientException("Credential generation from SAML authentication failed.", e);
        Logger.GetLogger(typeof(StoredProfileFederatedCredentials)).Error(wrapped, wrapped.Message);
        throw wrapped;
    }
}
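/// <summary>
/// Performs SAML authentication with <paramref name="userCredential"/> against the configured
/// <c>SAMLEndpoint</c> and exchanges the result for role credentials through an STS client created
/// with anonymous credentials.
/// </summary>
/// <param name="userCredential">Credentials presented to the SAML endpoint.</param>
/// <returns>Refresh state holding the new credentials and the expiry they report.</returns>
/// <exception cref="InvalidOperationException">The STS assembly could not be loaded or its client could not be created.</exception>
/// <exception cref="AmazonClientException">SAML authentication or the credential exchange failed; logged before rethrow.</exception>
private CredentialsRefreshState Authenticate(ICredentials userCredential)
{
    // Region precedence: an explicit Options.STSRegion, then the global AWSConfigs.AWSRegion, then the default.
    // The previous if/else took the else-branch whenever Options.STSRegion was set and replaced it with
    // DefaultSTSClientRegion, silently sending the SAML exchange to a region the caller had not chosen.
    var region = Options.STSRegion;
    if (region == null)
    {
        region = string.IsNullOrEmpty(AWSConfigs.AWSRegion)
            ? DefaultSTSClientRegion
            : RegionEndpoint.GetBySystemName(AWSConfigs.AWSRegion);
    }

    ICoreAmazonSTS coreSTSClient = null;
    try
    {
        var stsConfig = ServiceClientHelpers.CreateServiceConfig(
            ServiceClientHelpers.STS_ASSEMBLY_NAME,
            ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
        stsConfig.RegionEndpoint = region;
        if (Options.ProxySettings != null)
        {
            stsConfig.SetWebProxy(Options.ProxySettings);
        }
        // The STS client itself carries no AWS credentials; the SAML exchange performed inside
        // CredentialsFromSAMLAuthentication presumably authorizes the call.
        coreSTSClient = ServiceClientHelpers.CreateServiceFromAssembly<ICoreAmazonSTS>(
            ServiceClientHelpers.STS_ASSEMBLY_NAME,
            ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
            new AnonymousAWSCredentials(),
            stsConfig);
    }
    catch (Exception e)
    {
        // Any failure while locating/constructing the STS client is surfaced as a configuration problem.
        var msg = string.Format(CultureInfo.CurrentCulture,
            "Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
            ServiceClientHelpers.STS_ASSEMBLY_NAME);
        throw new InvalidOperationException(msg, e);
    }

    CredentialsRefreshState state;
    try
    {
        var credentials = coreSTSClient.CredentialsFromSAMLAuthentication(
            SAMLEndpoint.EndpointUri.ToString(),
            SAMLEndpoint.AuthenticationType.ToString(),
            RoleArn,
            MaximumCredentialTimespan,
            userCredential);
        // Record the session before it is handed back (what RegisterRoleSession stores is not visible here).
        RegisterRoleSession(credentials);
        state = new CredentialsRefreshState(credentials, credentials.Expires);
    }
    catch (Exception e)
    {
        var wrappedException = new AmazonClientException("Credential generation from SAML authentication failed.", e);
        var logger = Logger.GetLogger(typeof(FederatedAWSCredentials));
        logger.Error(wrappedException, wrappedException.Message);
        throw wrappedException;
    }
    return state;
}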
/// <summary>
/// Obtains a SAML assertion from the profile's endpoint using <paramref name="userCredential"/>, then
/// assumes the profile's role through STS to produce temporary credentials.
/// </summary>
/// <param name="userCredential">Credentials presented to the SAML endpoint.</param>
/// <param name="credentialDuration">Requested lifetime of the role credentials; also used to compute the local expiry.</param>
/// <returns>Refresh state with the role credentials and an expiry of UtcNow + <paramref name="credentialDuration"/>.</returns>
/// <exception cref="AuthenticationFailedException">The SAML endpoint did not yield an assertion.</exception>
/// <exception cref="AmazonClientException">Authentication succeeded but the STS credential exchange failed; logged before rethrow.</exception>
private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
{
    // Only the global AWSConfigs region is consulted; fall back to the default STS region when it is unset.
    var regionName = AWSConfigs.AWSRegion;
    var stsRegion = !string.IsNullOrEmpty(regionName)
        ? RegionEndpoint.GetBySystemName(regionName)
        : DefaultSTSClientRegion;

    SAMLAssertion assertion;
    try
    {
        var controller = new SAMLAuthenticationController();
        assertion = controller.GetSAMLAssertion(
            ProfileData.EndpointSettings.Endpoint.ToString(),
            userCredential,
            ProfileData.EndpointSettings.AuthenticationType);
    }
    catch (Exception e)
    {
        // Every failure on the way to an assertion is reported as an authentication failure.
        throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", e);
    }

    try
    {
        // The STS client is anonymous; the assertion obtained above presumably authorizes the role assumption.
        using (var stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), stsRegion))
        {
            var roleCredentials = assertion.GetRoleCredentials(stsClient, ProfileData.RoleArn, credentialDuration);
            // NOTE(review): the expiry is computed locally from the requested duration rather than taken from
            // the STS response; if STS grants a shorter session, the refresh state will treat the credentials
            // as valid longer than they are. Confirm whether the returned credentials expose their own expiry.
            var expiresAt = DateTime.UtcNow + credentialDuration;
            return new CredentialsRefreshState(roleCredentials, expiresAt);
        }
    }
    catch (Exception e)
    {
        var wrapped = new AmazonClientException("Credential generation failed following successful authentication.", e);
        Logger.GetLogger(typeof(StoredProfileSAMLCredentials)).Error(wrapped, wrapped.Message);
        throw wrapped;
    }
}