- # Quick test for https://stackoverflow.com/questions/49163883/sign-in-page-for-aws-federated-login/49212472#49212472
- # Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
- # python3 run.py
- import os
- import urllib.parse,json
- import requests # 'pip install requests'
- from boto.sts import STSConnection # AWS SDK for Python (Boto) 'pip install boto'
- from flask import Flask,redirect # pip install flask
# Flask application object; the '/' route below is registered on it and
# the __main__ guard at the bottom starts it with app.run().
app = Flask(__name__)
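@app.route('/')
def hello_world():
    """Redirect the browser into the AWS console as the federated role.

    Implements the flow from the "enable console custom URL" guide linked at
    the top of this file:

      1. Authenticate the user in your own identity system.  NOT IMPLEMENTED:
         every request to ``/`` is served, so anyone who can reach this route
         receives a console session for the role.  Put a real check in front
         of the STS call before anything but a local test listens on this app.
      2. Call ``AssumeRole`` with the caller's own AWS credentials.  They are
         resolved by boto's default chain (environment variables, config file
         or EC2 instance metadata) and are never embedded in source.
      3. Pack the temporary credentials into the federation ``Session`` JSON.
      4. Exchange that JSON for a SigninToken at the federation endpoint.
      5. Build the ``login`` URL (usable for 15 minutes) and 302 to it.

    The role ARN defaults to the test role from the original question and can
    be overridden with the ``ROLE_ARN`` environment variable.

    NOTE(review): this uses the legacy boto (v2) ``STSConnection``; boto3 is
    the maintained SDK and exposes the same AssumeRole fields.

    Returns:
        A Flask 302 redirect to https://signin.aws.amazon.com/federation.

    Raises:
        boto.exception.BotoServerError: AssumeRole was denied or the ARN is
            wrong.  Flask turns this into a 500.
        requests.HTTPError, requests.Timeout: the federation endpoint rejected
            the Session document or did not answer within the timeout.
        KeyError: the endpoint answered 2xx without a ``SigninToken`` field.
    """
    # Step 2: boto's default credential chain, see
    # http://boto.readthedocs.org/en/latest/boto_config_tut.html.  The
    # original pasted placeholder IAM user keys into this call; long-lived
    # keys never belong in source -- use a profile, env vars or an instance
    # role instead.
    sts_connection = STSConnection()
    assumed_role_object = sts_connection.assume_role(
        role_arn=os.getenv(
            'ROLE_ARN',
            "arn:aws:iam::197306934454:role/Cognito_WCD_studentsAuth_Role",
        ),
        role_session_name="AssumeRoleSession",
    )

    # Steps 3 and 4.
    signin_token = _get_signin_token(assumed_role_object.credentials)

    # Step 5: the SigninToken expires 15 minutes after it was issued, so the
    # redirect must be consumed promptly.
    return redirect(_login_url(signin_token), code=302)


def _get_signin_token(credentials, session_duration=43200, timeout=10):
    """Exchange temporary STS credentials for a console SigninToken.

    Step 3 builds the ``Session`` JSON document the federation endpoint
    expects (``sessionId`` / ``sessionKey`` / ``sessionToken`` carry the
    access key id, secret key and session token); step 4 sends it with
    ``Action=getSigninToken``.

    Args:
        credentials: the ``.credentials`` object returned by boto's
            ``assume_role`` (attributes ``access_key``, ``secret_key``,
            ``session_token``).
        session_duration: requested console session length in seconds.
            NOTE(review): per the linked AWS doc this is separate from the
            STS credentials' own lifetime (AssumeRole defaults to 1 hour) and
            is capped at 43200; 12 hours is generous for a test.
        timeout: seconds to wait for the federation endpoint.  The original
            call had no timeout, so a stalled endpoint would hang the worker.

    Returns:
        The ``SigninToken`` string.

    Raises:
        requests.HTTPError: non-2xx answer (typically a rejected Session doc).
        requests.Timeout: no answer within ``timeout``.
        KeyError: 2xx answer without a ``SigninToken`` field.
    """
    session_doc = json.dumps(
        {
            "sessionId": credentials.access_key,
            "sessionKey": credentials.secret_key,
            "sessionToken": credentials.session_token,
        },
        separators=(",", ":"),
    )
    # requests URL-encodes the query parameters, the JSON document included.
    response = requests.get(
        "https://signin.aws.amazon.com/federation",
        params={
            "Action": "getSigninToken",
            "SessionDuration": str(session_duration),
            "Session": session_doc,
        },
        timeout=timeout,
    )
    response.raise_for_status()
    # The reply is a JSON document with a single element named SigninToken.
    return response.json()["SigninToken"]


def _login_url(signin_token, issuer="Example.org",
               destination="https://console.aws.amazon.com/"):
    """Build the federation ``login`` URL the browser is redirected to.

    Args:
        signin_token: token from ``_get_signin_token``.  It is URL-encoded
            here; the original appended it raw.
        issuer: identifies the federating site to the console.
            NOTE(review): the linked doc presumably expects the URL of your
            own sign-in page here -- verify before relying on it.
        destination: console page to land on after sign-in.

    Returns:
        The absolute https://signin.aws.amazon.com/federation?... URL.
    """
    # quote (not quote_plus) keeps the encoding identical to the original's
    # urllib.parse.quote(destination).
    query = urllib.parse.urlencode(
        {
            "Action": "login",
            "Issuer": issuer,
            "Destination": destination,
            "SigninToken": signin_token,
        },
        quote_via=urllib.parse.quote,
    )
    return "https://signin.aws.amazon.com/federation?" + query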
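if __name__ == '__main__':
    # Flask's development server, for the quick test only.  The '/' route
    # hands out console sessions without authenticating the caller, so the
    # default listener is loopback; set IP (and PORT) explicitly -- as
    # Cloud9-style environments do -- to expose it on another interface.
    # debug is left off: the Werkzeug debugger would be an interactive
    # console for anyone who reaches the port.
    app.run(host=os.getenv('IP', '127.0.0.1'),
            port=int(os.getenv('PORT', 8080)))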