andreacavagna01
commented
1 year ago I totally agree. In the SAML response, there is all the needed information to generate all the session from an Identity Provider Application with SAML.
Is that what you mean?
Is your feature request related to a problem? Please describe. Suppose you are allowed to assume 20 federated roles for a provider. Leapp requires manual input of 20 federated role ARNs 1 per session.
Describe the solution you'd like The docs exchanged during SAML authentication should allow Leapp to know which roles users can assume. Thus the list could be used to automatically set sessions or at least store them somewhere to set eventually with the CLI. I am thinking about scripting setup here.
Describe alternatives you've considered There is no alternative other than to set every role manually.
Additional context You can see here as an example there is a browser extension named AWS AlwaysON that supports what I'm describing.