AWS SSO / Session Token Authentication with Cyberduck
144 views
Skip to first unread message
Ben House
Jan 13, 2021, 9:00:08 PM1/13/21
to Cyberduck
Hello!
I'm in the process of migrating from AWS IAM user / AssumeRole authentication to using the AWS Single Sign-On service. Cyberduck has worked great with the user/role auth, and I have a couple feature requests that I think would allow it to work with AWS SSO.
- For an Amazon S3 connection, add a field to enter an AWS Session Token directly, along with the access key id and secret access key.
- AWS SSO presents a nice copy/paste window for session credentials, and it would be easy for a user to copy/paste the values from "Option 3" (below) into Cyberduck when connecting. This is a screenshot of the AWS SSO login page that presents temporary credentials and how to use them.
- AWS SSO presents a nice copy/paste window for session credentials, and it would be easy for a user to copy/paste the values from "Option 3" (below) into Cyberduck when connecting. This is a screenshot of the AWS SSO login page that presents temporary credentials and how to use them.
- Upgrade to aws java sdk v2 which supports the SSO credentials provider.
- There's an open issue for support in the aws java v1 sdk, but I'm not sure if it will be implemented.
I'm supporting Cyberduck users that have limited text editor / terminal experience, so a workflow that relies on them making changes to ~/.aws/credentials to update their access keys / session token is cumbersome.
Thank you! - Ben
David Kocher
Jan 23, 2021, 6:13:03 AM1/23/21
to cybe...@googlegroups.com
It would be awesome if you can open a ticket at https://trac.cyberduck.io/newticket that allows us to track the progress on this feature.
— David
> On 14 Jan 2021, at 03:00, Ben House <b...@ben.house> wrote:
>
> Hello!
>
> I'm in the process of migrating from AWS IAM user / AssumeRole authentication to using the AWS Single Sign-On service. Cyberduck has worked great with the user/role auth, and I have a couple feature requests that I think would allow it to work with AWS SSO.
> • For an Amazon S3 connection, add a field to enter an AWS Session Token directly, along with the access key id and secret access key.
> • AWS SSO presents a nice copy/paste window for session credentials, and it would be easy for a user to copy/paste the values from "Option 3" (below) into Cyberduck when connecting. This is a screenshot of the AWS SSO login page that presents temporary credentials and how to use them.<SSO.png>
> --
> You received this message because you are subscribed to the Google Groups "Cyberduck" group. To post to this group, send email to cybe...@googlegroups.com
> To unsubscribe from this group, send email to cyberduck+...@googlegroups.com
> For more options, visit this group at http://groups.google.com/group/cyberduck
> --
> Post bug reports and feature requests
> http://trac.cyberduck.ch/newticket
> --
> Support development
> http://cyberduck.ch/donate/
>
> ---
> You received this message because you are subscribed to the Google Groups "Cyberduck" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cyberduck+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/cyberduck/20409d0c-6050-4783-a274-97db53579ee5n%40googlegroups.com.
> <SSO.png>
— David
> On 14 Jan 2021, at 03:00, Ben House <b...@ben.house> wrote:
>
> Hello!
>
> I'm in the process of migrating from AWS IAM user / AssumeRole authentication to using the AWS Single Sign-On service. Cyberduck has worked great with the user/role auth, and I have a couple feature requests that I think would allow it to work with AWS SSO.
> • For an Amazon S3 connection, add a field to enter an AWS Session Token directly, along with the access key id and secret access key.
> • Upgrade to aws java sdk v2 which supports the SSO credentials provider.
> • There's an open issue for support in the aws java v1 sdk, but I'm not sure if it will be implemented.
>
> I'm supporting Cyberduck users that have limited text editor / terminal experience, so a workflow that relies on them making changes to ~/.aws/credentials to update their access keys / session token is cumbersome.
>
> Thank you! - Ben
>
> --
> • There's an open issue for support in the aws java v1 sdk, but I'm not sure if it will be implemented.
>
> I'm supporting Cyberduck users that have limited text editor / terminal experience, so a workflow that relies on them making changes to ~/.aws/credentials to update their access keys / session token is cumbersome.
>
> Thank you! - Ben
>
> --
> You received this message because you are subscribed to the Google Groups "Cyberduck" group. To post to this group, send email to cybe...@googlegroups.com
> To unsubscribe from this group, send email to cyberduck+...@googlegroups.com
> For more options, visit this group at http://groups.google.com/group/cyberduck
> --
> Post bug reports and feature requests
> http://trac.cyberduck.ch/newticket
> --
> Support development
> http://cyberduck.ch/donate/
>
> ---
> You received this message because you are subscribed to the Google Groups "Cyberduck" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to cyberduck+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/cyberduck/20409d0c-6050-4783-a274-97db53579ee5n%40googlegroups.com.
> <SSO.png>
Reply all
Reply to author
Forward
0 new messages