
Share Okta credentials across accounts

Open tommywo opened this issue 4 years ago • 3 comments

Allow splitting the Okta login URL into url and app_id so a user can log in once to Okta and then use the same session to access different accounts, similarly to how they can in the browser.

Configuration example:

[account-a]
app_id           = /app/example/AAAAAAA/sso/saml
url              = https://example.okta.com
provider         = Okta
(...)

[account-b]
app_id           = /app/example/BBBBBBB/sso/saml
url              = https://example.okta.com
provider         = Okta
(...)

The change from SecClassInternetPassword to SecClassGenericPassword is because on the first login saml2aws would first save the Okta session cookie to the keychain and then delete it while saving the password. It also returned the token instead of the password. This doesn't happen for me with SecClassGenericPassword.

I tested the change combined with pull request #722 and the fixes from issue #714.

tommywo, Oct 23 '21 22:10
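The following is an added example illustrating the split the issue proposes (a shared Okta origin in url, a per-account SAML app path in app_id); it is not saml2aws's own code. The Account struct, the minimal INI parser, the validation in Origin/AppURL, the simulated per-origin session cache in LoginsNeeded, and the third account on other.okta.com are all assumptions constructed for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"net/url"
	"strings"
)

// Account is one [section] of the config layout from the issue. The struct and
// the parser are assumptions for this example, not saml2aws's own types; only
// the keys url and app_id come from the issue text (provider is skipped).
type Account struct {
	Name, URL, AppID string
}

// Constructed sample config: the issue's two accounts plus a third on a
// different Okta tenant, to show that a session is shared per origin only.
const sampleConfig = `
[account-a]
app_id           = /app/example/AAAAAAA/sso/saml
url              = https://example.okta.com
provider         = Okta

[account-b]
app_id           = /app/example/BBBBBBB/sso/saml
url              = https://example.okta.com
provider         = Okta

[account-c]
app_id           = /app/example/CCCCCCC/sso/saml
url              = https://other.okta.com
provider         = Okta
`

// ParseConfig is a minimal INI reader; blank lines and "(...)" placeholders are skipped.
func ParseConfig(text string) ([]Account, error) {
	var accounts []Account
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "(") {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			accounts = append(accounts, Account{Name: line[1 : len(line)-1]})
			continue
		}
		k, v, ok := strings.Cut(line, "=")
		if !ok || len(accounts) == 0 {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		cur := &accounts[len(accounts)-1] // no append happens while cur is live
		switch strings.TrimSpace(k) {
		case "url":
			cur.URL = strings.TrimSpace(v)
		case "app_id":
			cur.AppID = strings.TrimSpace(v)
		}
	}
	return accounts, sc.Err()
}

// Origin checks that url is a bare https origin and returns it in canonical
// form; this is the key under which a login session is cached and reused.
func Origin(a Account) (string, error) {
	u, err := url.Parse(a.URL)
	if err != nil || u.Scheme != "https" || u.Host == "" || (u.Path != "" && u.Path != "/") {
		return "", fmt.Errorf("account %s: url must be an https origin, got %q", a.Name, a.URL)
	}
	return "https://" + strings.ToLower(u.Host), nil
}

// AppURL joins the shared origin with the per-account app path. app_id must be
// an absolute path without traversal, so it cannot move the login off-tenant.
func AppURL(a Account) (string, error) {
	origin, err := Origin(a)
	if err != nil {
		return "", err
	}
	if !strings.HasPrefix(a.AppID, "/") || strings.Contains(a.AppID, "//") || strings.Contains(a.AppID, "..") {
		return "", fmt.Errorf("account %s: app_id must be an absolute path, got %q", a.Name, a.AppID)
	}
	return origin + a.AppID, nil
}

// LoginsNeeded walks all accounts, reusing a simulated session cookie cached
// per origin, and returns how many interactive logins were needed: one per
// distinct Okta tenant rather than one per account.
func LoginsNeeded(accounts []Account) (int, error) {
	sessions := map[string]string{} // origin -> session cookie (constructed)
	for _, a := range accounts {
		if _, err := AppURL(a); err != nil {
			return 0, err
		}
		origin, _ := Origin(a)
		if _, ok := sessions[origin]; !ok {
			sessions[origin] = fmt.Sprintf("sid-%d", len(sessions)+1)
		}
	}
	return len(sessions), nil
}

func main() {
	accounts, err := ParseConfig(sampleConfig)
	if err != nil {
		panic(err)
	}
	n, _ := LoginsNeeded(accounts)
	fmt.Printf("%d accounts, %d interactive logins\n", len(accounts), n)
}
```

The origin check in Origin is the security-relevant part of the split: once the session is keyed by url rather than by the full app URL, a per-account app_id must not be able to change the host the cached session cookie is sent to, so only an absolute path is accepted.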

@wolfeidau What do you think about this pull request?

tommywo, Nov 16 '21 15:11

@tommywo changing the sec class would be a breaking change as keychain doesn't really handle this well...

We need to come up with a way to enable this without breaking existing users.

wolfeidau, Feb 02 '22 07:02

This would be a really great feature for us too, I hope to see it accepted!

briantist, Feb 14 '22 05:02