Support for S3 saml federated authentication (token)

Asked by stepedro83 on 2017-05-12

Hi!

I would like to use duplicity to S3 in an active directory environment and leverage the federated temporary authentication as described here: https://aws.amazon.com/it/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/

In our company we have a python script to generate the temporary credentials.

I have 2 questions:

1) Is there a way to have duplicity authenticate using the session token?
saml.aws_access_key_id
saml.aws_secret_access_key
saml.aws_session_token

2) Considering a (common) case where the token lasts for 1h and the duplicity job runs longer, is there a way to refresh those credentials without having the job fail?

As I see it, duplicity would need to re-invoke the federated authentication scripts every time the token expires.

Thanks!

Question information

Language: English
Status: Solved
For: Duplicity
Assignee: No assignee
Solved by: Kenneth Loafman
Solved: 2017-05-18
Last query: 2017-05-18
Last reply: 2017-05-18

No, this has not been implemented. Feel free to add a patch or merge request if you get the time. All submissions are appreciated.

stepedro83 (stepedro83) said : #2

Thanks Ken,

We just managed to have it working with some minor changes. We are testing and we will submit a patch as soon as we complete some tests.

Best

stepedro83 (stepedro83) said : #3

Thanks Kenneth Loafman, that solved my question.
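
The refresh behaviour asked about in question 2, as an added example that is not part of the original thread and is not duplicity code: a cache that re-invokes a credential provider shortly before the session token expires, so a job running longer than the token lifetime always gets valid credentials. `TempCredentials`, `RefreshingCredentials`, `fake_provider` and the 300-second margin are assumptions for illustration; the provider stands in for a script like the SAML one mentioned in the question.

```python
import threading
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class TempCredentials:
    aws_access_key_id: str
    # Secrets are excluded from repr() so they do not leak into logs or tracebacks.
    aws_secret_access_key: str = field(repr=False)
    aws_session_token: str = field(repr=False)
    expires_at: float  # epoch seconds

class RefreshingCredentials:
    """Caches temporary credentials; calls the provider again inside the margin."""
    def __init__(self, provider, margin=300.0, clock=time.time):
        self._provider = provider  # hypothetical callable returning TempCredentials
        self._margin = margin      # refresh this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()  # one refresh at a time across worker threads
        self._current = None

    def get(self):
        with self._lock:
            cur = self._current
            if cur is None or cur.expires_at - self._clock() <= self._margin:
                fresh = self._provider()
                if fresh.expires_at <= self._clock():
                    # Fail closed instead of handing out credentials that cannot work.
                    raise RuntimeError("provider returned expired credentials")
                self._current = fresh
            return self._current

def demo():
    """Simulates a job outliving a 1h token, using a fake clock (constructed data)."""
    now, calls = [0.0], []
    def fake_provider():  # constructed stand-in for the federated login script
        calls.append(now[0])
        n = len(calls)
        return TempCredentials(f"ASIAEXAMPLE{n}", "constructed-secret",
                               f"constructed-token-{n}", now[0] + 3600)
    creds = RefreshingCredentials(fake_provider, margin=300, clock=lambda: now[0])
    seen = []
    for t in (0, 1800, 3299, 3300, 5000, 6900):
        now[0] = t
        seen.append(creds.get().aws_session_token)
    return seen, calls

if __name__ == "__main__":
    print(demo())
```

Callers should call `get()` before each request rather than holding on to the returned object, otherwise a long upload loop keeps using the token it started with.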