
Need means to log in to IdP without requesting STS credentials

Open ddriddle opened this issue 7 years ago • 8 comments

For our internal testing needs it would be useful to have a means to log in to the IdP and get a cookie, but not request an STS credential. Add the following flag to support this operation:

$ aws login --idp-login-only

ddriddle avatar Dec 17 '18 16:12 ddriddle

@JonRoma or @cmaturi - Is there still interest in this feature to assist with testing? Thanks!

edthedev avatar Dec 02 '21 20:12 edthedev

For my part, I don't remember this at all, and I can't say I've ever thought about this.

JonRoma avatar Dec 02 '21 20:12 JonRoma

@JonRoma this was something that Scrum Team D was interested in. I think they may have found another solution. Not sure. I would ping Maiko or John Gordman but I don't seem able to here.

ddriddle avatar Dec 02 '21 20:12 ddriddle

I haven't got a clue what they want.

JonRoma avatar Dec 02 '21 22:12 JonRoma

You're going to have a hard time hitting the IdP without telling it that the user is logging into a specific SP. It could be a fake SP, but there still has to be a destination, or the IdP will just error out. You, of course, don't have to do anything with the response; you can just drop it on the floor. Or you can parse it and display debugging info without sending it on to the SP (AWS, in this case). But there still has to be an SP involved.

kwessel avatar Dec 02 '21 23:12 kwessel

@kwessel, what I remember from three years ago is that we wanted the cookie generated by the login to the IdP but did not really need the credentials from AWS. So yes, we would have to specify an SP, in this case AWS, but we do not have to request a token from AWS, which would be the point of the flag.

ddriddle avatar Dec 02 '21 23:12 ddriddle
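
The flow described in the two comments above (authenticate to the IdP with AWS as the SP, inspect the response, and never call STS), as an added example that is not part of the thread or of awscli-login's code. It assumes the base64 `SAMLResponse` form value has already been captured from the IdP's reply; the sample response and the function name `inspect_saml_response` are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample response (placeholder IdP, account ID and role names).
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="https://signin.aws.amazon.com/saml">
  <saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
  <saml:Assertion>
    <saml:Conditions NotOnOrAfter="2030-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>urn:amazon:webservices</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="{ROLE_ATTR}">
      <saml:AttributeValue>arn:aws:iam::111122223333:role/ExampleRole,arn:aws:iam::111122223333:saml-provider/ExampleIdP</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def inspect_saml_response(b64_response):
    """Summarise a base64 SAMLResponse form value; nothing is sent to the SP.

    Debug aid only: the XML signature is NOT verified, and real IdP output
    should go through a hardened parser such as defusedxml.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    roles = []
    path = f".//saml:Attribute[@Name='{ROLE_ATTR}']/saml:AttributeValue"
    for value in root.iterfind(path, NS):
        # Each value pairs a role ARN with a SAML provider ARN; accept either order.
        parts = [p.strip() for p in (value.text or "").split(",")]
        roles.append({
            "role_arn": next((p for p in parts if ":role/" in p), None),
            "principal_arn": next((p for p in parts if ":saml-provider/" in p), None),
        })
    conditions = root.find(".//saml:Conditions", NS)
    return {
        "destination": root.get("Destination"),
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "audience": root.findtext(".//saml:Audience", namespaces=NS),
        "not_on_or_after": None if conditions is None else conditions.get("NotOnOrAfter"),
        "roles": roles,
    }

if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```

Because the assertion is never posted to AWS, no STS credential is issued; the only state left behind is whatever session cookie the IdP set during login.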

@ddriddle, I would check with them directly to see if this is still a need. I haven't heard a peep about it, so I suspect it may have been a fleeting interest that has fleeted into the past.

JonRoma avatar Dec 04 '21 01:12 JonRoma

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.

github-actions[bot] avatar Mar 28 '24 13:03 github-actions[bot]