authn-iam uses unfamiliar AWS STS API

Open liavyona opened this issue 4 years ago • 3 comments

Is your feature request related to a problem? Please describe.

According to AWS STS GetCallerIdentity Docs, the request to the service should be a POST https://sts.amazonaws.com with data Action=GetCallerIdentity&Version=2011-06-15 instead of a GET https://sts.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15.

A clear and concise description of what the problem is. Ex. I would like to see [...] because [...]. I would like to see a POST request (in addition to the GET request to keep backwards compatibility) because a POST request is the documented and preferred API of STS.

Describe the solution you would like

A fallback of POST request to GET request to AWS STS service.

liavyona, Jan 26 '21 08:01

@shaharglazner you like this issue, eh?

orenbm, Jan 26 '21 09:01

@liavyona is this really an enhancement or a bug?

izgeri, Jan 26 '21 21:01

@izgeri It's an enhancement since the current one still works (even though it uses an unknown API of STS), but we cannot rely on this API staying available for us. Waiting for @InbalZilberman to confirm the fallback, and I will push the changes.

liavyona, Jan 27 '21 07:01
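
The two request forms from the issue, worked through AWS Signature Version 4 as an added example (not code from Conjur or from this thread): the method, query string and body are all part of what is signed, so a signature made for the GET form is not valid for the POST form. The secret key, timestamp, signed header set and helper names are constructed for illustration.

```ruby
require 'openssl'

# Constructed sample values: not real credentials, fixed timestamp.
SECRET_KEY = 'constructed-secret-key-for-illustration'
AMZ_DATE   = '20210126T080100Z'
REGION     = 'us-east-1'          # assumed signing region for sts.amazonaws.com
HOST       = 'sts.amazonaws.com'
PARAMS     = 'Action=GetCallerIdentity&Version=2011-06-15'
FORM_TYPE  = 'application/x-www-form-urlencoded; charset=utf-8'

def sha256_hex(data)
  OpenSSL::Digest::SHA256.hexdigest(data)
end

# SigV4 canonical request for the GET (query string) or POST (form body) form.
def canonical_request(method)
  post = method == 'POST'
  headers = { 'host' => HOST, 'x-amz-date' => AMZ_DATE }
  headers['content-type'] = FORM_TYPE if post
  names = headers.keys.sort
  [
    method,
    '/',
    post ? '' : PARAMS,                            # canonical query string
    names.map { |n| "#{n}:#{headers[n]}\n" }.join, # canonical headers
    names.join(';'),                               # signed headers
    sha256_hex(post ? PARAMS : '')                 # hash of the request body
  ].join("\n")
end

# SigV4 signature (hex) over the canonical request for the given method.
def signature(method)
  date  = AMZ_DATE[0, 8]
  scope = "#{date}/#{REGION}/sts/aws4_request"
  to_sign = ['AWS4-HMAC-SHA256', AMZ_DATE, scope,
             sha256_hex(canonical_request(method))].join("\n")
  key = ["AWS4#{SECRET_KEY}", date, REGION, 'sts', 'aws4_request']
        .reduce { |k, part| OpenSSL::HMAC.digest('SHA256', k, part) }
  OpenSSL::HMAC.hexdigest('SHA256', key, to_sign)
end

# True when headers signed for one form could be reused for the other.
def interchangeable?
  signature('GET') == signature('POST')
end

puts "GET : #{signature('GET')}"
puts "POST: #{signature('POST')}"
puts "interchangeable: #{interchangeable?}"
```

Because the signatures differ, a verifier that forwards caller-signed headers has to send the same form the caller signed, which is why a POST-first path with a GET fallback keeps existing callers working.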