aws-adfs

[Feature request] Support Okta

Open yermulnik opened this issue 4 years ago • 5 comments

I've been using this marvelous tool for AWS auth via ADFS for about three years now and I want to appreciate what you guys do and the development effort being of high quality and speed.

Though the company I work for is switching from ADFS to Okta by the end of April and I'm indeed looking forward to having this option in aws-adfs.

Thanks in advance.

Mar 20 '20 18:03 yermulnik

Thanks @yermulnik for the praise :)

Adding Okta support would be awesome, and if only I were able to build a virtual environment to simulate Okta + AWS, then I could think about extending the functionality of this tool.

Do you know how to set up such an environment, so it would be feasible to develop the application against the environment?

Mar 21 '20 12:03 venth

Looks like Okta offers free accounts for developers. Hope these links help:

  • https://developer.okta.com/code/python/
  • https://developer.okta.com/code/python/pysaml2/
  • https://developer.okta.com/docs/guides/customize-authz-server/overview/

Mar 21 '20 18:03 yermulnik

And since Okta can leverage SAML, there's no special requirement on the AWS side apart from configuring the Identity Provider and the Trust Relationship for the IAM Role, just like one would do for ADFS. From what it looks like, at least. I've been told that my company is going to update the SAML Metadata of the Identity Provider and update the Trust Relationship of the IAM Role I use. I'll update you with details once they have the updates applied, if there's something specific that you should take into account when developing the feature.

Once again thanks for your effort and the great tool =)

Mar 21 '20 18:03 yermulnik

There are already a number of other tools that support Okta. In particular, Nike-Inc/gimme-aws-creds and Versent/saml2aws are both well-maintained.

It may be worth looking into using one of them instead of adding this functionality to a tool that is specific to ADFS.

Mar 24 '20 18:03 damscott

@damscott Thanks for the pointers. I will take a look at these, along with a hope to see this option added to aws-adfs (sooner or later most of the popular AWS auth tools come to a point where they're no longer expected to be specific to a particular auth type, imho).

Mar 24 '20 18:03 yermulnik