GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → glnds → masl

glnds / masl

Licence: MIT license
Assume an AWS Role using Onelogin

Programming Languages

go
31211 projects - #10 most used programming language
Makefile
30231 projects
ruby
36898 projects - #4 most used programming language

Labels

awssamlaws-iamonelogin

Projects that are alternatives of or similar to masl

wp-simple-saml
WordPress Simple SAML plugin
Stars: ✭ 73 (+204.17%)
Mutual labels:  saml, onelogin
onelogin-aws-cli
Assume an AWS Role and cache credentials using Onelogin
Stars: ✭ 55 (+129.17%)
Mutual labels:  saml, onelogin
saml-auth-proxy
Provides a SAML SP authentication proxy for backend web services
Stars: ✭ 38 (+58.33%)
Mutual labels:  saml
holochrome
Use your IAM role (from instance metadata) to open the AWS console
Stars: ✭ 102 (+325%)
Mutual labels:  aws-iam
salesforce-iam-flows
Node.js application that implements some of the most common SAML and OAuth flows in Salesforce.
Stars: ✭ 31 (+29.17%)
Mutual labels:  saml
caddy-security
🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Stars: ✭ 696 (+2800%)
Mutual labels:  saml
SAML-tracer
Browser extension for examining SAML messages
Stars: ✭ 104 (+333.33%)
Mutual labels:  saml
SimpleTOTP
A highly configurable yet simple to use TOTP based two-factor authentication processing module for SimpleSAMLphp.
Stars: ✭ 16 (-33.33%)
Mutual labels:  saml
casdoor
An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS, QQ group: 645200447
Stars: ✭ 4,147 (+17179.17%)
Mutual labels:  saml
webprofile-ref-project
A example project to demonstrate implementing SAML Web browser SSO profile using OpenSAML V2
Stars: ✭ 23 (-4.17%)
Mutual labels:  saml
aws-missing-tools
Random tools I've written to make life easier using AWS, namely aws-choose-profile and aws-mfa-login
Stars: ✭ 46 (+91.67%)
Mutual labels:  aws-iam
authentik
The authentication glue you need.
Stars: ✭ 2,941 (+12154.17%)
Mutual labels:  saml
react-relay-appsync
AppSync for Relay
Stars: ✭ 19 (-20.83%)
Mutual labels:  aws-iam
jax-rs-pac4j
Security library for JAX-RS and Jersey
Stars: ✭ 48 (+100%)
Mutual labels:  saml
grpc-vpn
🍄 VPN supporting authentication such as Google OpenID Connect or AWS IAM ..., over GRPC.
Stars: ✭ 49 (+104.17%)
Mutual labels:  aws-iam
requests-arcgis-auth
Authentication handler for using Esri ArcGIS for Server and Portal (ArcGIS Online) Token Authentication with Python Requests
Stars: ✭ 21 (-12.5%)
Mutual labels:  saml
okta-spring-boot-saml-example
Spring Boot, SAML, and Okta
Stars: ✭ 52 (+116.67%)
Mutual labels:  saml
terraform-aws-enforce-mfa
A terraform module to enforce MFA for AWS groups and users
Stars: ✭ 24 (+0%)
Mutual labels:  aws-iam
sso-examples
Single Sign-On (SSO) examples for Metabase integration
Stars: ✭ 39 (+62.5%)
Mutual labels:  saml
lemonldap-ng
LemonLDAP::NG main code
Stars: ✭ 49 (+104.17%)
Mutual labels:  saml
View All Similar Projects ➔

Release Software License Go Report Card CircleCI build workflow

MASL

MASL

Pronounced [mɑzəl] form the Dutch word 'mazzel', meaning luck. 'masl' is also an anagram from the word 'SAML'. This tool allows you to use onelogin to assume an AWS role through SAML authentication.

Getting Started

Installation

Just download the latest release under https://github.com/glnds/masl/releases. Don't forget to make it executable and link it from somewhere in your $PATH on UNIX-like platforms.

OS X

  • Open Masl.dmg
  • Move the file masl-vx.x.x-darwin-amd64 to /usr/local/bin and rename it to masl.
  • done :)

Windows

  • rename masl-vx.x.x-windows-amd64 to masl.exe and execute to install.

Configuration

All configuration is done using a .masl/config.toml file in your user's home directory. An example toml config file is included: masl-example.toml. Copy masl-example.toml and rename it to .masl/config.toml. Adjust the values to reflect your environment.

The minimal configuration should look like this:


BaseURL = 'https://api.eu.onelogin.com/'
ClientID = 'onelogin client id'
ClientSecret = 'onelogin client secret'
AppID = 'onelogin app id'
Subdomain = 'subdomain of the onelogin user'
Username = 'onelogin username or email'

Optional settings:

Duration = 'Assume role maximum session duration' (default 3600)
LegacyToken = true/false (configures legacy aws_security_token (for Boto support))
Debug = true/false (Set to true for debug logging, default off)
Profile = 'Value for environment variable AWS_PROFILE' (default = 'masl')
DefaulMFADevice = 'name of your default MFA device (for example 'Yubico YubiKey')'

If specifying a custom duration assure this duration is allowed on the AWS role itself as well. See: Enable Federated API Access to your AWS Resources for up to 12 hours Using IAM Roles

Multi-Account management

One of the main drivers to develop another Onelogin CLI authenticator was to ease the management of multiple AWS accounts. Most of the tools currently lack those features and that makes switching AWS accounts bothersome. For this purpose .masl/config.toml supports the following features:

Account naming

You can provide account names (aliases) for all accounts you have access to:

...
[[Accounts]]
ID = '1234567890'
Name = 'account-x'

[[Accounts]]
ID = '1122334455'
Name = 'account-y'

[[Accounts]]
ID = '0987654321'
Name = 'account-z'
...
Environments containing account subsets

If your account list grows too big it is often handy to limit the list to your current work context. This can be achieved by defining environments:

...
[[Environments]]
Name = 'governance'
Accounts = ['1234567890', '1122334455']
...

Furthermore accounts can be marked as 'Environment Independent`, in that case they will show up in all your environments.

...
[[Accounts]]
ID = '1234567890'
Name = 'base-account'
EnvironmentIndependent = true
...

usage: masl -env [environment_name]

Usage

Just run masl on your command line.

Optional command line arguments:

  -account string
        AWS Account ID or name
  -env string
        Work environment
  -legacy-token
        configures legacy aws_security_token (for Boto support)
  -profile string
        AWS profile name (default "masl")
  -role string
        AWS role name
  -version
        prints MASL version

Assure the environment variable AWS_PROFILE is set to masl (or the overrided value specified in .masl/config.toml or the -profile command line option).

Non-interactive usage

If you use command line tools to manage your passwords and generate otp tokens then you can set environment variables for the password and otp token. For example if you use pass to manage your passwords and totp-cli to generate tokens, then you can write a script like this:

#!/usr/bin/env bash
PASSWORD=$(pass <the-service>) OTP=$(totp <the-service>) masl

Development

Makefile

This project includes a ```makefile`` to make your life easy.

  • make clean: clean up your workspace
  • make build: build this project
  • make lint: run golangci-lint run

Running the tests

TODO: Explain how to run the automated tests for this system

Built With

Logging

A log file masl.log is created and added on your user's home directory. The default log level is 'INFO'. For debug logging set Debug = true in .masl/config.toml.

Contributing

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :Do us.

Versioning

SemVer is used for versioning. For the versions available, see the tags on this repository.

FAQ

My login is successful but I'm unable to access my AWS account?

The AWS CLI uses default as default for the variable AWS_PROFILE. MASL uses masl as default AWS profile name to store the AWS credentials (as a safety net for not overriding your default settings).

To fix this do one of the following:

  • set the value of AWS_PROFILE to masl
  • in your .masl/config.toml add the line Profile = 'default'
  • start masl with the -profile default option

I have multiple MFA devices defined, is it possible to set one of them as default?

yes in your .masl/config.toml set a value for the variable DefaulMFADevice

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].