Support to login using temporary credentials from Security Token Service (STS API) using OpenID Connect web identity #13804
Comments
Related documentation from Minio.
Wasabi Documentation 1
This was referenced Aug 7, 2023
dkocher added a commit that referenced this issue, Aug 11, 2023
…oak-simplified Slimmed keycloak-realm.json.
dkocher added a commit that referenced this issue, Aug 16, 2023
…ts-containertests Bugfix STS testcontainer tests (BeforeClass annotation in abstract te…
dkocher changed the title from "Support for non-AWS STS for S3" to "Support to login using temporary credentials from STS API using OpenID Connect web identity", Aug 24, 2023
dkocher changed the title from "Support to login using temporary credentials from STS API using OpenID Connect web identity" to "Support to login using temporary credentials from Security Token Service (STS API) using OpenID Connect web identity", Aug 24, 2023
dkocher added a commit that referenced this issue, Aug 28, 2023
Allow connection profiles to use custom STS and OIDC endpoints
The feature is now available in the latest snapshot build. You are welcome to give it a try with your setup. We have tested the combinations available as connection profiles in 1: The setup steps required in AWS are outlined in 2. Feedback is much appreciated.
I considered writing this on #13377 or #13381; however, these are mostly related to AWS specifically, which isn't quite what I am looking for. I am currently using Wasabi for S3 and looking for a way to authenticate users from an IdP (SSO).
Wasabi supports AssumeRole; however, to use that directly I would need to create users on Wasabi and manage their privileges there, and I would rather manage user accounts and their privileges from our IdP.
My goals are:
AssumeRoleWithWebIdentityResponse or AssumeRoleResponse
I would like to do something like the following:
I am not entirely sure how the callback to Wasabi could be done or what is feasible. The Cyberduck would obviously need the credentials, and some way to refresh the credentials when they are about to expire, like a session token or cookie.
While AWS' S3 SDK is very general and allows access to any compliant service, their authentication, particularly related to SSO seems to be very locked to their IdP. Additionally, using an external configuration file (e.g. ~/.aws/credentials) is not user friendly.
I've read through the documentation and not found anything helpful, and neither are other issues on the topic such as this one: #11133
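The exchange the request above asks for, as an added example that is not part of the original post and not Cyberduck's code: build an AssumeRoleWithWebIdentity call from an OIDC ID token, parse the AssumeRoleWithWebIdentityResponse, and decide when the temporary credentials need refreshing. The endpoint URL, session name, five-minute margin and all sample values are assumptions, as is the premise that a non-AWS service replies in the AWS STS XML namespace.

```python
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Assumption: the STS endpoint answers in the AWS STS response namespace.
NS = {"sts": "https://sts.amazonaws.com/doc/2011-06-15/"}

# Constructed sample response; every credential value is a placeholder.
SAMPLE_RESPONSE = """<AssumeRoleWithWebIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
 <AssumeRoleWithWebIdentityResult><Credentials>
  <AccessKeyId>EXAMPLEACCESSKEY</AccessKeyId>
  <SecretAccessKey>example-secret</SecretAccessKey>
  <SessionToken>example-session-token</SessionToken>
  <Expiration>2023-08-28T12:00:00Z</Expiration>
 </Credentials></AssumeRoleWithWebIdentityResult>
</AssumeRoleWithWebIdentityResponse>"""

def build_request(endpoint, id_token, role_arn=None, session_name="example-session", duration=3600):
    """Return (url, form body) for an AssumeRoleWithWebIdentity POST."""
    # The ID token and the returned keys are bearer secrets: require TLS.
    if urllib.parse.urlsplit(endpoint).scheme != "https":
        raise ValueError("STS endpoint must use https")
    params = {"Action": "AssumeRoleWithWebIdentity", "Version": "2011-06-15",
              "WebIdentityToken": id_token, "DurationSeconds": str(duration)}
    if role_arn:  # AWS STS requires RoleArn; other services are deployment-specific
        params.update(RoleArn=role_arn, RoleSessionName=session_name)
    return endpoint, urllib.parse.urlencode(params)

def parse_credentials(xml_text):
    """Extract the temporary credentials, failing closed on a malformed reply."""
    creds = ET.fromstring(xml_text).find(".//sts:Credentials", NS)
    if creds is None:
        raise ValueError("no Credentials element in STS response")
    out = {}
    for name in ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration"):
        value = creds.findtext(f"sts:{name}", namespaces=NS)
        if not value:
            raise ValueError(f"missing {name} in STS response")
        out[name] = value
    out["Expiration"] = datetime.fromisoformat(out["Expiration"].replace("Z", "+00:00"))
    return out

def needs_refresh(creds, now, margin=timedelta(minutes=5)):
    """True once fewer than `margin` remain before the credentials expire."""
    return now >= creds["Expiration"] - margin
```

A client would call `needs_refresh` before each S3 request and, when it returns true, obtain a fresh ID token from the IdP and repeat the STS call rather than persisting keys to a file.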