Merge pull request Versent#420 from Versent/fix_console_issuer

fix(console) Updated issuer to use correct value
ffafara-tw · Feb 1, 2020 · 39b656a · 39b656a
2 parents 3a9abd5 + d47dda6
commit 39b656a
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -120,7 +120,7 @@ Flags:
       --verbose                Enable verbose logging
   -i, --provider=PROVIDER      This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
   -a, --idp-account="default"  The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
-      --idp-provider=IDP-PROVIDER
+      --idp-provider=IDP-PROVIDER  
                                The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
       --mfa=MFA                The name of the mfa. (env: SAML2AWS_MFA)
   -s, --skip-verify            Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
@@ -131,32 +131,63 @@ Flags:
       --role=ROLE              The ARN of the role to assume. (env: SAML2AWS_ROLE)
       --aws-urn=AWS-URN        The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
       --skip-prompt            Skip prompting for parameters during login.
-      --session-duration=SESSION-DURATION
+      --session-duration=SESSION-DURATION  
                                The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
       --disable-keychain       Do not use keychain at all.
 
 Commands:
   help [<command>...]
     Show help.
 
+
   configure [<flags>]
     Configure a new IDP account.
 
+        --app-id=APP-ID            OneLogin app id required for SAML assertion. (env: ONELOGIN_APP_ID)
+        --client-id=CLIENT-ID      OneLogin client id, used to generate API access token. (env: ONELOGIN_CLIENT_ID)
+        --client-secret=CLIENT-SECRET  
+                                   OneLogin client secret, used to generate API access token. (env: ONELOGIN_CLIENT_SECRET)
+        --subdomain=SUBDOMAIN      OneLogin subdomain of your company account. (env: ONELOGIN_SUBDOMAIN)
+    -p, --profile=PROFILE          The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+        --resource-id=RESOURCE-ID  F5APM SAML resource ID of your company account. (env: SAML2AWS_F5APM_RESOURCE_ID)
+        --config=CONFIG            Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
+
   login [<flags>]
     Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.
 
+    -p, --profile=PROFILE      The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+        --duo-mfa-option=DUO-MFA-OPTION  
+                               The MFA option you want to use to authenticate with
+        --client-id=CLIENT-ID  OneLogin client id, used to generate API access token. (env: ONELOGIN_CLIENT_ID)
+        --client-secret=CLIENT-SECRET  
+                               OneLogin client secret, used to generate API access token. (env: ONELOGIN_CLIENT_SECRET)
+        --force                Refresh credentials even if not expired.
+
   exec [<flags>] [<command>...]
     Exec the supplied command with env vars from STS token.
 
+    -p, --profile=PROFILE  The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+        --exec-profile=EXEC-PROFILE  
+                           The AWS profile to utilize for command execution. Useful to allow the aws cli to perform secondary role assumption. (env:
+                           SAML2AWS_EXEC_PROFILE)
+
   console [<flags>]
     Console will open the aws console after logging in.
 
+    -p, --profile=PROFILE  The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+        --force            Refresh credentials even if not expired.
+
   list-roles
     List available role ARNs.
 
+
   script [<flags>]
     Emit a script that will export environment variables.
 
+    -p, --profile=PROFILE  The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+        --shell=bash       Type of shell environment. Options include: bash, powershell, fish
+
+
 ```
 
 

diff --git a/cmd/saml2aws/commands/console.go b/cmd/saml2aws/commands/console.go
@@ -3,7 +3,6 @@ package commands
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/versent/saml2aws/pkg/cfg"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -12,11 +11,13 @@ import (
 	"github.com/pkg/errors"
 	"github.com/skratchdot/open-golang/open"
 	"github.com/versent/saml2aws/pkg/awsconfig"
+	"github.com/versent/saml2aws/pkg/cfg"
 	"github.com/versent/saml2aws/pkg/flags"
 )
 
 const (
 	federationURL = "https://signin.aws.amazon.com/federation"
+	issuer        = "saml2aws"
 )
 
 // Exec execute the supplied command after seeding the environment
@@ -156,8 +157,9 @@ func federatedLogin(creds *awsconfig.AWSCredentials, consoleFlags *flags.LoginEx
 	destination := "https://console.aws.amazon.com/"
 
 	loginURL := fmt.Sprintf(
-		"%s?Action=login&Issuer=aws-okta&Destination=%s&SigninToken=%s",
+		"%s?Action=login&Issuer=%s&Destination=%s&SigninToken=%s",
 		federationURL,
+		issuer,
 		url.QueryEscape(destination),
 		url.QueryEscape(signinToken),
 	)