From d47dda605a976e227288d7db18e44ce9bb5bf7cf Mon Sep 17 00:00:00 2001
From: Mark Wolfe
Date: Sat, 1 Feb 2020 11:42:25 +1100
Subject: [PATCH] fix(console) Updated issuer to use correct value

* Also updated README as per comment from @onyxraven
---
 README.md | 35 ++++++++++++++++++++++++++++++--
 cmd/saml2aws/commands/console.go | 6 ++++--
 2 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index f5d348bef..cafa22247 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,7 @@ Flags:
 --verbose Enable verbose logging
 -i, --provider=PROVIDER This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
 -a, --idp-account="default" The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
- --idp-provider=IDP-PROVIDER
+ --idp-provider=IDP-PROVIDER
 The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
 --mfa=MFA The name of the mfa. (env: SAML2AWS_MFA)
 -s, --skip-verify Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
@@ -131,7 +131,7 @@ Flags:
 --role=ROLE The ARN of the role to assume. (env: SAML2AWS_ROLE)
 --aws-urn=AWS-URN The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
 --skip-prompt Skip prompting for parameters during login.
- --session-duration=SESSION-DURATION
+ --session-duration=SESSION-DURATION
 The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
 --disable-keychain Do not use keychain at all.
@@ -139,24 +139,55 @@ Commands:
 help [...] Show help.
+ configure [] Configure a new IDP account.
+ --app-id=APP-ID OneLogin app id required for SAML assertion. (env: ONELOGIN_APP_ID)
+ --client-id=CLIENT-ID OneLogin client id, used to generate API access token. (env: ONELOGIN_CLIENT_ID)
+ --client-secret=CLIENT-SECRET
+ OneLogin client secret, used to generate API access token. (env: ONELOGIN_CLIENT_SECRET)
+ --subdomain=SUBDOMAIN OneLogin subdomain of your company account. (env: ONELOGIN_SUBDOMAIN)
+ -p, --profile=PROFILE The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+ --resource-id=RESOURCE-ID F5APM SAML resource ID of your company account. (env: SAML2AWS_F5APM_RESOURCE_ID)
+ --config=CONFIG Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
+ login [] Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.
+ -p, --profile=PROFILE The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+ --duo-mfa-option=DUO-MFA-OPTION
+ The MFA option you want to use to authenticate with
+ --client-id=CLIENT-ID OneLogin client id, used to generate API access token. (env: ONELOGIN_CLIENT_ID)
+ --client-secret=CLIENT-SECRET
+ OneLogin client secret, used to generate API access token. (env: ONELOGIN_CLIENT_SECRET)
+ --force Refresh credentials even if not expired.
+ exec [] [...] Exec the supplied command with env vars from STS token.
+ -p, --profile=PROFILE The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+ --exec-profile=EXEC-PROFILE
+ The AWS profile to utilize for command execution. Useful to allow the aws cli to perform secondary role assumption. (env:
+ SAML2AWS_EXEC_PROFILE)
+ console [] Console will open the aws console after logging in.
+ -p, --profile=PROFILE The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+ --force Refresh credentials even if not expired.
+ list-roles List available role ARNs.
+ script [] Emit a script that will export environment variables.
+ -p, --profile=PROFILE The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
+ --shell=bash Type of shell environment. Options include: bash, powershell, fish
+
+ ```
diff --git a/cmd/saml2aws/commands/console.go b/cmd/saml2aws/commands/console.go
index c61ece7cf..43f8e1593 100644
--- a/cmd/saml2aws/commands/console.go
+++ b/cmd/saml2aws/commands/console.go
@@ -3,7 +3,6 @@ package commands
 import (
 "encoding/json"
 "fmt"
- "github.com/versent/saml2aws/pkg/cfg"
 "io/ioutil"
 "net/http"
 "net/url"
@@ -12,11 +11,13 @@ import (
 "github.com/pkg/errors"
 "github.com/skratchdot/open-golang/open"
 "github.com/versent/saml2aws/pkg/awsconfig"
+ "github.com/versent/saml2aws/pkg/cfg"
 "github.com/versent/saml2aws/pkg/flags"
 )
 
 const (
 federationURL = "https://signin.aws.amazon.com/federation"
+ issuer = "saml2aws"
 )
 
 // Exec execute the supplied command after seeding the environment
@@ -156,8 +157,9 @@ func federatedLogin(creds *awsconfig.AWSCredentials, consoleFlags *flags.LoginEx
 destination := "https://console.aws.amazon.com/"
 loginURL := fmt.Sprintf(
- "%s?Action=login&Issuer=aws-okta&Destination=%s&SigninToken=%s",
+ "%s?Action=login&Issuer=%s&Destination=%s&SigninToken=%s",
 federationURL,
+ issuer,
 url.QueryEscape(destination),
 url.QueryEscape(signinToken),
 )
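Review bot: The new `issuer` argument is interpolated into the `Issuer=%s` slot of the login URL as a raw string, while the neighbouring `Destination` and `SigninToken` values are passed through `url.QueryEscape`. The literal `"saml2aws"` has no reserved characters, so the URL is well-formed today, but the asymmetry means a later change to the constant (a `/`, `&` or space) would silently corrupt the query; passing `url.QueryEscape(issuer),` in place of `issuer,`, or building the query with `url.Values` so every parameter is encoded the same way, keeps the three parameters treated alike. The constant added in the preceding hunk also has no doc comment; I would add `// issuer is the value sent as the Issuer query parameter of the federation login URL.` above `issuer = "saml2aws"`. federatedLogin begins and ends outside this hunk.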