| Field | Value |
|---|---|
| Name | aws-adfs |
| Version | 2.11.2 |
| Summary | AWS CLI authenticator via ADFS - small command-line tool to authenticate via ADFS and assume chosen role |
| upload_time | 2024-02-01 07:42:06 |
| author | Venth |
| requires_python | >=3.7,<4.0 |
| keywords | aws, adfs, console, tool |
| requirements | No requirements were recorded. |
# aws-adfs
The project provides a command-line tool, `aws-adfs`, to ease AWS CLI authentication against ADFS (multi-factor authentication with Active Directory).
## `aws-adfs` command line tool
* allows you to re-login to STS without entering credentials for an extended period of time, without having to store the user's actual credentials. It also lets an organization control the period in which a user can re-login to STS without entering credentials, by altering the ADFS session lifetime.
* supports automation tools like Ansible by providing the security token in the `AWS_SESSION_TOKEN`/`AWS_SECURITY_TOKEN` environment variables.
* supports using Security Support Provider Interface (SSPI) on Windows OS.
### MFA integration
aws-adfs integrates with:
* [duo security](https://duo.com) MFA provider with support for:
  * Duo mobile application push (verified by code or not) using the `Duo Push` authentication method.
  * Phone call using the `Phone Call` authentication method.
  * OTP 6 digit codes generated by Duo Mobile application, and hardware tokens (e.g. RSA or Yubikey) using the `Passcode` authentication method.
  * FIDO U2F (CTAP1) / FIDO2 (CTAP2) hardware authenticators using the `WebAuthn Security Key` authentication method.
* [Symantec VIP](https://vip.symantec.com/) MFA provider
* [RSA SecurID](https://www.rsa.com/) MFA provider
* [Azure AD MFA](https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks) with support for:
  * Microsoft Authenticator app
  * OTP 6 digit codes
  * SMS codes
  * Phone call
* [Silverfort](https://www.silverfort.com/) MFA provider
* [Thales/SafeNet Trusted Access](https://cpl.thalesgroup.com/access-management/authentication) MFA provider
  * OTP 6 digit codes generated by MobilePASS+ Authenticator app
## Setup Dependencies
- `build-essential` (provides C/C++ compilers)
- `python3` `>= 3.7 <4.0`
- `python3-dev`
- `libkrb5-dev`
- `libxml2-dev`
## Installation
* user local installation with [pipx](https://github.com/pypa/pipx)
```
pipx install aws-adfs
```
* user local installation with pip
```
pip3 install --user aws-adfs
```
Note that you need to add `$HOME/.local/bin` to your `PATH`.
* system wide installation
```
sudo pip3 install aws-adfs
```
* virtualenvs
```
virtualenv aws-adfs
source aws-adfs/bin/activate
pip install aws-adfs
...
...
deactivate
```
* Windows 10
  - Install latest supported Visual C++ downloads from Microsoft for Visual Studio 2015, 2017 and 2019:
    - https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads
    - https://aka.ms/vs/16/release/vc_redist.x64.exe
  - Install Python 3.7 from Microsoft Store:
    - https://www.microsoft.com/en-us/p/python-37/9nj46sx7x90p
  - Start PowerShell as Administrator
  - Go to `C:\Program Files`:
    ```
    C:
    cd 'C:\Program Files\'
    ```
  - Create virtual env:
    ```
    python3 -m venv aws-adfs
    ```
  - Install `aws-adfs`:
    ```
    & 'C:\Program Files\aws-adfs\Scripts\pip' install aws-adfs
    ```
  - Run it:
    ```
    & 'C:\Program Files\aws-adfs\Scripts\aws-adfs' login --adfs-host=your-adfs-hostname
    ```
## Examples of usage
### `aws-adfs`
* login to your ADFS host with SSL verification disabled (per the `login` help text, this should only be used for dev/test) on AWS CLI profile: adfs
```
aws-adfs login --adfs-host=your-adfs-hostname --no-ssl-verification
```
and verification
```
aws --profile=adfs s3 ls
```
* login to your ADFS host with SSL verification disabled (per the `login` help text, this should only be used for dev/test) on a specified AWS CLI profile: specified-profile
```
aws-adfs login --profile=specified-profile --adfs-host=your-adfs-hostname --no-ssl-verification
```
and verification
```
aws --profile=specified-profile s3 ls
```
* login to your adfs host and fetch roles for AWS GovCloud (US)
```
aws-adfs login --adfs-host=your-adfs-hostname --provider-id urn:amazon:webservices:govcloud --region us-gov-west-1
```
and verification
```
aws s3 ls
```
* login to your adfs host within ansible playbook
```
---
- name: "Auth sts aws"
  command: "aws-adfs login --adfs-host sts.example.com --env --stdout --role-arn arn:aws:iam::000123456789:role/ADMIN"
  register: sts_result
  environment:
    - username: "{{ ansible_user }}@example.com"
    - password: "{{ ansible_ssh_pass }}"

- name: "Set sts facts"
  set_fact:
    sts: "{{ sts_result.stdout | from_json }}"

- name: "List s3 Buckets"
  aws_s3_bucket_facts:
    aws_access_key: "{{ sts.AccessKeyId }}"
    aws_secret_key: "{{ sts.SecretAccessKey }}"
    security_token: "{{ sts.SessionToken }}"
    region: "us-east-1"
  register: buckets

- name: "Print Buckets"
  debug:
    var: buckets
```
* login to your adfs host by passing username and password credentials via a file
```
aws-adfs login --adfs-host=your-adfs-hostname --authfile=/path/and/file/name
```
The auth file should have the following format:
```
[profile_name]
username = your_username
password = your_password
```
* .aws/config profile for automatically refreshing credentials
```
[profile example-role-ue1]
credential_process=aws-adfs login --region=us-east-1 --role-arn=arn:aws:iam::1234567891234:role/example-role --adfs-host=adfs.example.com --stdout
```
Warning: see [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html) about security considerations to take when sourcing credentials with an external process.
* help, help, help?
<!-- AWS_HELP_START -->
```
$ aws-adfs --help
Usage: aws-adfs [OPTIONS] COMMAND [ARGS]...
Options:
--version Show current tool version
-v, --verbose Enables debug information on stdout. By default log level is
set on ERROR
--help Show this message and exit.
Commands:
list lists available profiles
login Authenticates an user with active directory credentials
reset removes stored profile
```
<!-- AWS_HELP_END -->
<!-- AWS_LIST_HELP_START -->
```
$ aws-adfs list --help
Usage: aws-adfs list [OPTIONS]
lists available profiles
Options:
--help Show this message and exit.
```
<!-- AWS_LIST_HELP_END -->
<!-- AWS_LOGIN_HELP_START -->
```
$ aws-adfs login --help
Usage: aws-adfs login [OPTIONS]
Authenticates an user with active directory credentials
Options:
--profile TEXT AWS cli profile that will be authenticated.
After successful authentication just use:
aws --profile <authenticated profile>
<service> ...
--region TEXT The default AWS region that this script will
connect to for all API calls
--ssl-verification / --no-ssl-verification
SSL certificate verification: Whether or not
strict certificate verification is done,
False should only be used for dev/test
--adfs-ca-bundle TEXT Override CA bundle for SSL certificate
verification for ADFS server only.
--adfs-host TEXT For the first time for a profile it has to
be provided, next time for the same profile
it will be loaded from the stored
configuration
--output-format [json|text|table]
Output format used by aws cli
--provider-id TEXT Provider ID, e.g urn:amazon:webservices
(optional)
--s3-signature-version [s3v4] s3 signature version: Identifies the version
of AWS Signature to support for
authenticated requests. Valid values: s3v4
--username-password-command TEXT
Read username and password from the output
of a shell command (expected JSON format:
`{"username": "myusername", "password":
"mypassword"}`)
--mfa-token-command TEXT Read MFA token for Symantec or RSA
authenticators from the output of a shell
command (expected JSON format:
`{"mfa_token": "123654"}`)
--env Read username, password and optionally an
MFA token from environment variables
(username, password and mfa_token).
--stdin Read username, password from standard input
separated by a newline.
--authfile TEXT Read username, password from a local file
(optional)
--stdout Print aws_session_token in json on stdout.
--printenv Output commands to set AWS_ACCESS_KEY_ID,
AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN,
AWS_DEFAULT_REGION environmental variables
instead of saving them to the aws
configuration file.
--print-console-signin-url Output a URL that lets users who sign in to
your organization's network securely access
the AWS Management Console.
--console-role-arn TEXT Role to assume for use in conjunction with
--print-console-signin-url
--console-external-id TEXT External ID to pass in assume role for use
in conjunction with --print-console-signin-
url
--role-arn TEXT Predefined role arn to selects, e.g. aws-
adfs login --role-arn arn:aws:iam::123456789
012:role/YourSpecialRole
--session-duration INTEGER Define the amount of seconds you want to
establish your STS session, e.g. aws-adfs
login --session-duration 3600
--no-session-cache Do not use AWS session cache in
~/.aws/adfs_cache/ directory.
--assertfile TEXT Use SAML assertion response from a local
file
--sspi / --no-sspi Whether or not to use Kerberos SSO
authentication via SSPI (Windows only,
defaults to True).
--duo-factor TEXT Use a specific Duo factor, overriding the
default one configured server side. Known
Duo factors that can be used with aws-adfs
are "Duo Push", "Passcode", "Phone Call" and
"WebAuthn Security Key".
--duo-device TEXT Use a specific Duo device, overriding the
default one configured server side. Depends
heavily on the Duo factor used. Known Duo
devices that can be used with aws-adfs are
"phone1" for "Duo Push" and "Phone Call"
factors. For "Passcode" and "WebAuthn
Security Key" factors, it is always "None".
--enforce-role-arn Only allow the role passed in by --role-arn.
--aad-verification-code TEXT Verification code for Azure AD multi-factor
authentication.
--help Show this message and exit.
```
<!-- AWS_LOGIN_HELP_END -->
<!-- AWS_RESET_HELP_START -->
```
$ aws-adfs reset --help
Usage: aws-adfs reset [OPTIONS]
removes stored profile
Options:
--profile TEXT AWS cli profile that will be removed
--help Show this message and exit.
```
<!-- AWS_RESET_HELP_END -->
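The `--authfile` format above keeps the password in plaintext on disk, and `--username-password-command` accepts the same credentials as JSON from a helper command. The following added example (not part of aws-adfs or its documentation) reads an auth file in the documented format, refuses it unless it is a regular file owned by the current user with no group/other permission bits, and prints the documented `{"username": ..., "password": ...}` JSON. The function names, the 0600 policy and the use of `RawConfigParser` are assumptions of this example, not the tool's own behaviour.

```python
#!/usr/bin/env python3
"""Added example (not aws-adfs code): turn an auth file into the JSON expected
by --username-password-command, refusing files with unsafe permissions."""
import configparser
import json
import os
import stat
import sys


class AuthFileError(Exception):
    """Raised when the auth file is unsafe to use or incomplete."""


def load_authfile(path, profile):
    """Return (username, password) from section [profile] of the auth file."""
    # Open first and fstat the descriptor, so the checks apply to the file
    # that is actually read (avoids a stat-then-open race).
    with open(path, "r", encoding="utf-8") as handle:
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise AuthFileError(f"{path}: not a regular file")
        # Assumed policy (POSIX): no group/other bits, as for an SSH key.
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise AuthFileError(
                f"{path}: mode {stat.S_IMODE(info.st_mode):04o} is accessible "
                "to group/other, expected 0600"
            )
        if hasattr(os, "getuid") and info.st_uid != os.getuid():
            raise AuthFileError(f"{path}: not owned by the current user")
        # RawConfigParser does no '%' interpolation: passwords are read as-is.
        parser = configparser.RawConfigParser()
        try:
            parser.read_file(handle)
        except configparser.Error as exc:
            # Report only the error type: the message may quote file lines.
            raise AuthFileError(
                f"{path}: not valid INI ({type(exc).__name__})"
            ) from None
    if not parser.has_section(profile):
        raise AuthFileError(f"{path}: no [{profile}] section")
    values = {}
    for key in ("username", "password"):
        if not parser.has_option(profile, key) or not parser.get(profile, key):
            raise AuthFileError(f"{path}: [{profile}] has no {key}")
        values[key] = parser.get(profile, key)
    return values["username"], values["password"]


def username_password_json(path, profile):
    """Serialize the credentials in the format quoted in the login help."""
    username, password = load_authfile(path, profile)
    return json.dumps({"username": username, "password": password})


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} AUTHFILE PROFILE", file=sys.stderr)
        return 2
    try:
        print(username_password_json(argv[1], argv[2]))
    except (OSError, AuthFileError) as exc:
        print(f"error: {exc}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Saved under a name of your choice, the script can be passed as the value of `--username-password-command` with the auth file path and profile name as its two arguments.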
## Known issues
* duo-security
`Error: Cannot begin authentication process. The error response: {"message": "Unknown authentication method.", "stat": "FAIL"}`
Please set up your preferred auth method in the duo-security settings ('settings' -> 'My Settings & Devices').
* USB FIDO2 does not work in Windows Subsystem for Linux (WSL)
`OSError: [Errno 2] No such file or directory: '/sys/class/hidraw'`
USB devices are not accessible in WSL. Install and run `aws-adfs` on the Windows 10 host, then access the credentials in WSL from the filesystem. Example:
```
export AWS_CONFIG_FILE=/mnt/c/Users/username/.aws/config
export AWS_SHARED_CREDENTIALS_FILE=/mnt/c/Users/username/.aws/credentials
```
* FIDO2 devices are not detected on Windows 10 build 1903 or newer
Running `aws-adfs` as Administrator is required since Windows 10 build 1903 to access FIDO2 devices (cf. https://github.com/Yubico/python-fido2/issues/55).
* in cases of trouble with lxml please install
```
sudo apt-get install python3-dev libxml2-dev libxslt1-dev zlib1g-dev
```
* in cases of trouble with pykerberos please install
```
sudo apt-get install python3-dev libkrb5-dev
```
* in cases of trouble with OSX Sierra (obsolete OpenSSL), upgrade OpenSSL. Example:
```
brew upgrade openssl
```
AND add explicit directive to .bash_profile:
```
export PATH=$(brew --prefix openssl)/bin:$PATH
```
* only Python versions >= 3.7 and < 4.0 are supported:
- python 2.6 is not supported
- python 2.7 is not supported
- python 3.2 is not supported
- python 3.3 is not supported
- python 3.4 is not supported
- python 3.5 is not supported
- python 3.6 is not supported
## Development
* update dependencies:
```
poetry update
```
* run unit tests:
```
poetry run pytest
```
* release:
```
export CHANGELOG_GITHUB_TOKEN=$(gopass show -o pins/Github/github-changelog-generator)
./scripts/release.sh patch # or minor, major, prepatch, preminor, premajor, prerelease, or a valid semver string
```
## Changelog
See the [CHANGELOG.md](CHANGELOG.md) file, which is generated using [github-changelog-generator](https://github.com/github-changelog-generator/github-changelog-generator).