[FEATURE] `saml2aws console` to support new AWS feature "Signing in to multiple accounts"

Open blurayne opened this issue 2 months ago • 2 comments

AWS Web Console now has multi-session support - can saml2aws console support that? https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/multisession.html

It seems they now prefix the web console URL with something like `${ACCOUNT_ID}-${8CHAR_HASH}-{REGION}.console.aws.amazon.com`

blurayne, Oct 29 '25 07:10

Opt-in is done via https://us-east-1.signin.aws.amazon.com/sessions/v1/opt-in?redirect_uri=https%3A%2F%2Fus-east-1.console.aws.amazon.com%2Fconsole%2Fhome%3Fregion%3Dus-east-1%26newPrism%3Dtrue%23

which responds with a redirect to: https://us-east-1.console.aws.amazon.com/console/home?region=us-east-1&newPrism=true&login_hint=ACCOUNT_ID-8CHARS

blurayne, Oct 29 '25 07:10

`login_hint` is deterministic over several sessions and seems to be `[0-9a-z]{8}`

blurayne, Oct 29 '25 09:10
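
Added example, not part of the thread and not saml2aws code: a Go sketch of how a client could handle the opt-in redirect described in the comments above, checking that the redirect still points at the console domain and that `login_hint` has the reported shape before deriving the session-prefixed host. The function name `SessionHost`, the region pattern, and the sample URL are assumptions; the host layout and the `[0-9a-z]{8}` suffix are the observations reported in this issue, not a documented AWS contract.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

const consoleSuffix = ".console.aws.amazon.com"

var (
	// 12-digit AWS account ID, a dash, then the 8 characters reported in the issue.
	loginHintRe = regexp.MustCompile(`^[0-9]{12}-[0-9a-z]{8}$`)
	// Assumed region shape (e.g. us-east-1); keeps stray characters out of the host.
	regionRe = regexp.MustCompile(`^[a-z]{2}(-[a-z]+)+-[0-9]+$`)
)

// SessionHost validates the opt-in redirect target and returns the login_hint
// together with the session-prefixed console host built from it.
func SessionHost(redirect string) (hint, host string, err error) {
	u, err := url.Parse(redirect)
	if err != nil {
		return "", "", err
	}
	// Only trust an HTTPS redirect that ends in the console domain.
	if u.Scheme != "https" || !strings.HasSuffix(u.Hostname(), consoleSuffix) {
		return "", "", fmt.Errorf("unexpected redirect target %q", u.Host)
	}
	q := u.Query()
	hint, region := q.Get("login_hint"), q.Get("region")
	if !loginHintRe.MatchString(hint) {
		return "", "", fmt.Errorf("login_hint %q does not match the reported format", hint)
	}
	if !regionRe.MatchString(region) {
		return "", "", fmt.Errorf("unexpected region %q", region)
	}
	// Layout reported in the issue: ACCOUNT_ID-HASH-REGION.console.aws.amazon.com
	return hint, hint + "-" + region + consoleSuffix, nil
}

func main() {
	// Constructed sample redirect; the account ID and hash are placeholders.
	sample := "https://us-east-1.console.aws.amazon.com/console/home" +
		"?region=us-east-1&newPrism=true&login_hint=123456789012-abcd1234"
	hint, host, err := SessionHost(sample)
	fmt.Println(hint, host, err)
}
```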