Duplicity

Support for S3 saml federated authentication (token)

Asked by stepedro83 on 2017-05-12

Hi!

I would like to use duplicity to S3 in an active directory environment and leverage the federated temporary authentication as described here: https://aws.amazon.com/it/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/

In our company we have a python script to generate the temporary credentials.

I have 2 questions:

1) is there a way to have duplicity authenticating using the session token?
saml.aws_access_key_id
saml.aws_secret_access_key
saml.aws_session_token

2) considering a (common) case when the token last for 1h and duplicity job run longer, is there a way to refresh those credentials without having the job to fail?

As I see, duplicity would need to re-invoke the federated authentication scripts every time expires.

Thanks!

Question information

Language:: English Edit question

Status:: Solved

For:: Duplicity Edit question

Assignee:: No assignee Edit question

Solved by:: Kenneth Loafman

Solved:: 2017-05-18

Last query:: 2017-05-18

Last reply:: 2017-05-18

Link existing bug

Kenneth Loafman (kenneth-loafman) said on 2017-05-18:

No, this has not been implemented. Feel free to add a patch or merge request if you get the time. All submissions are appreciated.

stepedro83 (stepedro83) said on 2017-05-18:

Thanks Ken,

We just manage to have it working with some minor changes. We are testing and we will submit a patch as soon as we complete some tests.

Best

stepedro83 (stepedro83) said on 2017-05-18:

Thanks Kenneth Loafman, that solved my question.

To post a message you must log in.

Ask a question

Edit question

Duplicity

Support for S3 saml federated authentication (token)

Question information

Related bugs

Related FAQ:

Subscribers