aws-sdk-java icon indicating copy to clipboard operation
aws-sdk-java copied to clipboard

Published 20 hours ago verified publisher icon aws

Support for AWS SSO credentials

Open andyndang opened this issue 4 years ago • 9 comments

I'd like to use AWS SSO as the credentials for my program:

aws sso login

I can use SSO credentials in boto3

Describe the Feature

AWS SSO credentials to replace static AWS credentials

Is your Feature Request related to a problem?

I'm frustrated because I keep having to manually copy the credentials from SSO portal to my disk

Proposed Solution

Replicate the boto3 implementation?

Describe alternatives you've considered

N/A

Additional Context

N/A

Your Environment

  • AWS Java SDK version used: 1.11.880
  • JDK version used: 1.8
  • Operating System and version: MacOS X

andyndang avatar Oct 13 '20 23:10 andyndang

@andyndang thank you for reaching out, feature request noted.

debora-ito avatar Oct 13 '20 23:10 debora-ito

See https://github.com/aws/aws-cli/issues/4982 and https://github.com/aws/aws-sdk-java-v2/issues/1970.

I'm currently using https://github.com/victorskl/yawsso to work around the problem, but there are easily a half dozen other workarounds.

AWS Single Sign-On (SSO) is a really cool feature, but it's unfortunate that so few tools currently support it.

josephwofford avatar Jan 01 '21 11:01 josephwofford

This is a big pain point for us. Migrating to v2 is non-trivial, so we're stuck with nasty work-arounds to use SSO.

internetstaff avatar Apr 13 '21 14:04 internetstaff

@internetstaff thank you for reaching out, I understand that the task to migrate to v2 is not a trivial one. We'd like to add native support for SSO in v1 but currently the team efforts are focused in releasing features for SDK v2 and in closing the feature parity gap.

I'd like to point out that you can use v2 SSO Credential Provider with some modifications, even if your project uses mostly SDK v1. You can add the v2 sso dependency (showing here in a pom.xml file):

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>sso</artifactId>
    <version>2.16.40</version>
</dependency>

and write an adapter to SsoCredentialsProvider for it to work in a v1 style credential provider. The adapter would look like the example shown here for a ProfileCredentialsProvider: https://github.com/aws/aws-sdk-java/issues/803#issuecomment-593530484

debora-ito avatar Apr 15 '21 02:04 debora-ito

@debora-ito Thank you, that actually worked pretty well, even with Spring Cloud AWS. :)

internetstaff avatar Apr 21 '21 21:04 internetstaff

At least you can use Leapp to generate temporary credentials from aws SSO and then use this inside the sdk

https://github.com/Noovolari/leapp

andreacavagna01 avatar May 23 '21 22:05 andreacavagna01

Is anyone able to provide an update on this? I'm just asking since the issue has been open for quite some time without much feedback. It would help us a lot of there was any kind of update so we could think about either upgrading to the v2 SDK or using the collection of workarounds in v1.

francis-a avatar Oct 05 '21 13:10 francis-a

Hi, any update on this topic?

wojtekk avatar May 13 '22 21:05 wojtekk

Hi - any updates on this topic?

thallium205 avatar Aug 08 '23 16:08 thallium205