public SessionAWSCredentials GetSamlRoleCredentails(string samlAssertion, string awsRole)

| Parameter     | Type                  | Description |
| ------------- | --------------------- | ----------- |
| samlAssertion | string                | SAML assertion passed unchanged to STS `AssumeRoleWithSAML` |
| awsRole       | string                | Two comma-separated ARNs; the implementation takes the first as `PrincipalArn` and the second as `RoleArn` |
| return        | SessionAWSCredentials | Temporary access key, secret key and session token for the assumed role |
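/// <summary>
/// Exchanges a SAML assertion for temporary AWS credentials via STS AssumeRoleWithSAML.
/// </summary>
/// <param name="samlAssertion">The SAML assertion obtained from the identity provider; passed to STS unchanged.</param>
/// <param name="awsRole">
/// One entry of the assertion's Role attribute: two comma-separated ARNs. The historical
/// assumption of this method is "principal-arn,role-arn"; if the halves are unmistakably
/// reversed (first contains ":role/", second ":saml-provider/") they are swapped so each lands
/// in the STS field that expects it.
/// </param>
/// <param name="durationSeconds">
/// Requested session lifetime in seconds. Defaults to 3600 (the value previously hard-coded).
/// STS accepts 900–43200, further capped by the role's configured maximum session duration.
/// </param>
/// <returns>Session credentials (access key id, secret access key, session token) for the assumed role.</returns>
/// <exception cref="ArgumentException">The assertion is empty, or awsRole is not exactly two non-empty ARNs.</exception>
/// <exception cref="ArgumentOutOfRangeException">durationSeconds is outside the range STS accepts.</exception>
public SessionAWSCredentials GetSamlRoleCredentails(string samlAssertion, string awsRole, int durationSeconds = 3600)
{
    if (string.IsNullOrWhiteSpace(samlAssertion))
    {
        throw new ArgumentException("SAML assertion must not be empty.", "samlAssertion");
    }
    if (string.IsNullOrWhiteSpace(awsRole))
    {
        throw new ArgumentException("AWS role must not be empty.", "awsRole");
    }
    if (durationSeconds < 900 || durationSeconds > 43200)
    {
        throw new ArgumentOutOfRangeException("durationSeconds", durationSeconds,
            "STS session duration must be between 900 and 43200 seconds.");
    }

    // Reject anything that is not exactly two ARNs up front, instead of failing later with an
    // IndexOutOfRangeException on role[1].
    string[] arns = awsRole.Split(',');
    if (arns.Length != 2 || string.IsNullOrWhiteSpace(arns[0]) || string.IsNullOrWhiteSpace(arns[1]))
    {
        throw new ArgumentException(
            string.Format("Expected 'principal-arn,role-arn' but got '{0}'.", awsRole), "awsRole");
    }
    string principalArn = arns[0].Trim();
    string roleArn = arns[1].Trim();

    // Identity providers do not all emit the pair in the same order. STS needs each ARN in its
    // own field, so swap only when the halves are clearly reversed; otherwise keep the positional
    // interpretation this method has always used.
    if (principalArn.Contains(":role/") && roleArn.Contains(":saml-provider/"))
    {
        string swap = principalArn;
        principalArn = roleArn;
        roleArn = swap;
    }

    AssumeRoleWithSAMLRequest samlRequest = new AssumeRoleWithSAMLRequest();
    samlRequest.SAMLAssertion = samlAssertion;
    samlRequest.RoleArn = roleArn;
    samlRequest.PrincipalArn = principalArn;
    samlRequest.DurationSeconds = durationSeconds;

    // AssumeRoleWithSAML is an unsigned STS operation: the assertion itself is the credential.
    // Calling it with anonymous credentials removes the need for a default credential chain and
    // avoids the previous catch-all, which swallowed the real STS error (expired assertion,
    // AccessDenied, malformed ARN) and retried the call with placeholder access keys, so the
    // caller only ever saw the second, misleading failure.
    AssumeRoleWithSAMLResponse samlResponse;
    using (AmazonSecurityTokenServiceClient sts = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials()))
    {
        samlResponse = sts.AssumeRoleWithSAML(samlRequest);
    }

    return new SessionAWSCredentials(
        samlResponse.Credentials.AccessKeyId,
        samlResponse.Credentials.SecretAccessKey,
        samlResponse.Credentials.SessionToken);
}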
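/// <summary>
/// Cmdlet body: obtains a SAML assertion from the identity provider (impersonating the supplied
/// Windows user when one was given), selects a role from the assertion, exchanges it for STS
/// session credentials and stores them in a PowerShell credential profile.
/// </summary>
/// <remarks>
/// Role selection order is unchanged: explicit index (roleIndex), then a name match (role), then
/// an interactive prompt. Exceptions propagate to PowerShell unchanged; the former
/// <c>catch { throw; }</c> added nothing and has been dropped.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// No network credential could be resolved for the IdP URL, or the assertion lists no roles.
/// </exception>
/// <exception cref="ArgumentException">The requested role name matches none, or several, of the roles.</exception>
protected override void ProcessRecord()
{
    AWSSAMLUtils awsSamlUtils = new AWSSAMLUtils();
    ICredentials userCredentials = GetUserCredentials(useCurrentCredentials);
    Uri uri = new Uri(identityProviderUrl);
    NetworkCredential networkCredentials = userCredentials.GetCredential(uri, "");

    bool impersonating = CredentialCache.DefaultCredentials != userCredentials;
    if (impersonating)
    {
        // ICredentials.GetCredential may return null; say so rather than throwing a
        // NullReferenceException on networkCredentials.UserName.
        if (networkCredentials == null)
        {
            throw new InvalidOperationException(
                string.Format("No network credential is available for {0}.", identityProviderUrl));
        }
        ImpersonateUser(networkCredentials.UserName, networkCredentials.Password, networkCredentials.Domain);
    }

    string samlAssertion;
    string[] awsSamlRoles;
    try
    {
        samlAssertion = awsSamlUtils.GetSamlAssertion(identityProviderUrl);
        awsSamlRoles = awsSamlUtils.GetAwsSamlRoles(samlAssertion);
    }
    finally
    {
        // Previously this ran only on the success path, so a failing IdP request left the
        // thread impersonating the supplied user for the rest of the cmdlet. It is still called
        // unconditionally, as before, so the non-impersonated path is unchanged.
        UnImpersonateUser();
    }

    if (awsSamlRoles == null || awsSamlRoles.Length == 0)
    {
        throw new InvalidOperationException("The SAML assertion does not grant any AWS roles.");
    }

    string awsSamlRole = SelectAwsSamlRole(awsSamlRoles);
    SessionAWSCredentials awsSessionCredentials = awsSamlUtils.GetSamlRoleCredentails(samlAssertion, awsSamlRole);
    SetPowershellSamlProfile(awsSessionCredentials.GetCredentials());
}

/// <summary>
/// Picks one role entry from the assertion: by index, then by name, then by prompting the user.
/// </summary>
/// <param name="awsSamlRoles">Non-empty list of role entries taken from the assertion.</param>
/// <returns>The selected role entry, in the form GetSamlRoleCredentails expects.</returns>
private string SelectAwsSamlRole(string[] awsSamlRoles)
{
    // NOTE(review): roleIndex's type and default value are not visible here. If it defaults to 0
    // this branch wins every time and the name/prompt paths are unreachable — confirm against
    // the field declaration. A negative index used to throw IndexOutOfRangeException; it now
    // falls through to the other selection methods.
    if (roleIndex >= 0 && roleIndex < awsSamlRoles.Length)
    {
        return awsSamlRoles[roleIndex];
    }

    if (!string.IsNullOrEmpty(role))
    {
        // Exact match first. A bare substring match ("Admin") also hits "AdminReadOnly", and
        // silently taking the first hit could assume a more privileged role than the one asked for.
        string exact = awsSamlRoles.FirstOrDefault(p => string.Equals(p, role, StringComparison.Ordinal));
        if (exact != null)
        {
            return exact;
        }

        string[] matches = awsSamlRoles.Where(p => p.Contains(role)).ToArray();
        if (matches.Length == 1)
        {
            return matches[0];
        }
        if (matches.Length == 0)
        {
            throw new ArgumentException(string.Format("role {0} not found in list of available roles: {1}", role, string.Join(", ", awsSamlRoles)));
        }
        throw new ArgumentException(string.Format("role {0} is ambiguous; it matches more than one available role: {1}", role, string.Join(", ", matches)));
    }

    return AskUserForAwsSamlRole(awsSamlRoles);
}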