Write a script to automate the authentication and get the security token from AWS.
-
The following template is an example script written in Java, exported as a runnable .jar file, and executed in a terminal window.
Note:
You can write your automation script in any language.
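package com.pingidentity.sts;

import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLResult;
import com.pingidentity.sts.clientapi.STSClient;
import com.pingidentity.sts.clientapi.STSClientConfiguration;
import com.pingidentity.sts.clientapi.model.RequestSecurityTokenData;
import com.pingidentity.sts.clientapi.model.STSResponse;
import com.pingidentity.sts.clientapi.tokens.wsse.UsernameToken;
import java.io.Console;
import java.util.Scanner;
import org.w3c.dom.Element;

/**
 * Sample that authenticates a user against the PingFederate WS-Trust STS with a
 * WS-Security UsernameToken, receives a SAML 2.0 assertion, and exchanges that
 * assertion for temporary AWS credentials via STS {@code AssumeRoleWithSAML}.
 *
 * <p>Intended to be packaged as a runnable .jar and executed from a terminal;
 * the user ID and password are prompted for interactively.
 */
public class AssumeRoleWithSAMLSample {

    /** PingFederate WS-Trust STS endpoint. Replace the host placeholder with your server. */
    private static final String PING_STS = "https://<pingfedserver>:9031/idp/sts.wst";

    /** ARN of the SAML identity provider registered in the AWS account. */
    private static final String PRINCIPAL_ARN = "arn:aws:iam::736827903656:saml-provider/PingFed";

    /** ARN of the IAM role to assume; its trust policy must allow PRINCIPAL_ARN. */
    private static final String ROLE_ARN = "arn:aws:iam::736827903656:role/Administrators";

    /** WS-Trust 1.3 request type asking the STS to issue a new token. */
    private static final String WS_TRUST_ISSUE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue";

    /** Token type requested from the STS: a SAML 2.0 assertion. */
    private static final String SAML2_TOKEN_TYPE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser";

    /** Audience (AppliesTo) of the requested assertion: the AWS SAML sign-in endpoint. */
    private static final String AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml";

    /**
     * Entry point: prompts for credentials, fetches a SAML assertion from PingFederate
     * and exchanges it for temporary AWS credentials.
     *
     * @param args ignored
     * @throws Exception if the STS request fails
     */
    public static void main(String[] args) throws Exception {
        AssumeRoleWithSAMLSample sample = new AssumeRoleWithSAMLSample();
        sample.getTemporaryCredential(sample.getSAMLAssertion());
    }

    /**
     * Exchanges a base64-encoded SAML assertion for temporary AWS credentials.
     *
     * <p>AssumeRoleWithSAML is an unsigned API call, so anonymous AWS credentials suffice;
     * the assertion itself is the credential.
     *
     * @param assertion base64-encoded SAML assertion issued for {@link #AWS_SAML_AUDIENCE}
     * @return the string form of the AssumeRoleWithSAML result
     */
    protected String getTemporaryCredential(String assertion) {
        AWSSecurityTokenServiceClient client =
                new AWSSecurityTokenServiceClient(new AnonymousAWSCredentials());

        AssumeRoleWithSAMLRequest assumeRoleRequest = new AssumeRoleWithSAMLRequest();
        assumeRoleRequest.setPrincipalArn(PRINCIPAL_ARN);
        assumeRoleRequest.setRoleArn(ROLE_ARN);
        assumeRoleRequest.setSAMLAssertion(assertion);

        AssumeRoleWithSAMLResult result = client.assumeRoleWithSAML(assumeRoleRequest);

        // The result contains the temporary access key, secret key and session token.
        // It is printed here because producing those credentials is the purpose of the
        // sample; do not redirect this output into shared logs.
        String credentials = result.toString();
        System.out.println(credentials);
        return credentials;
    }

    /**
     * Prompts for an AD user ID and password, authenticates to the PingFederate STS with a
     * WS-Security UsernameToken and returns the issued SAML assertion.
     *
     * @return base64-encoded SAML assertion extracted from the RequestSecurityTokenResponse
     * @throws Exception if the STS request fails
     * @throws IllegalArgumentException if no user ID was entered
     */
    protected String getSAMLAssertion() throws Exception {
        String username;
        String password;

        Console console = System.console();
        if (console != null) {
            username = console.readLine("Enter your AD UserID: ");
            // readPassword() disables echo, so the password is not shown on screen or
            // left in the terminal scrollback.
            password = new String(console.readPassword("Enter your AD Password: "));
        } else {
            // No interactive console (e.g. launched from an IDE): fall back to Scanner.
            // Input is echoed in this mode. nextLine() is used so that passwords
            // containing spaces are not truncated at the first whitespace.
            Scanner userInput = new Scanner(System.in);
            System.out.print("Enter your AD UserID: ");
            username = userInput.nextLine();
            System.out.print("Enter your AD Password: ");
            password = userInput.nextLine();
        }
        if (username == null || username.isBlank()) {
            throw new IllegalArgumentException("A user ID is required");
        }
        username = username.strip();

        System.out.println("Getting assertion from PingFederate . . .");

        STSClientConfiguration stsClientConfiguration = new STSClientConfiguration();
        stsClientConfiguration.setStsEndpoint(PING_STS);
        // The AD password is sent to this endpoint. Leave TLS trust validation enabled and
        // install the PingFederate server certificate in the JVM trust store instead of
        // ignoring trust errors, which would let an interposed host capture the password.
        stsClientConfiguration.setIgnoreSSLTrustErrors(false);
        STSClient client = new STSClient(stsClientConfiguration);

        RequestSecurityTokenData requestData = new RequestSecurityTokenData();
        requestData.setRequestType(WS_TRUST_ISSUE);
        requestData.setTokenType(SAML2_TOKEN_TYPE);
        requestData.setAppliesTo(AWS_SAML_AUDIENCE);

        UsernameToken usernameToken = new UsernameToken();
        usernameToken.setUsername(username);
        usernameToken.setPassword(password);
        Element token = usernameToken.getRoot();

        STSResponse respData = client.makeRequest(requestData, token, null, null);
        String result = respData.getRstr().getToken().getFirstChild().getTextContent();

        // The assertion is a bearer credential for AssumeRoleWithSAML until it expires,
        // so only its size is reported rather than its contents.
        System.out.println("Returning SAML assertion (" + result.length() + " chars)");
        return result;
    }
}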