search

awslabs / aws-sigv4-proxy

This project signs and proxies HTTP requests with Sigv4
Apache License 2.0
360 stars 100 forks source link

Support SSO #108

Open Klapsa2503 opened 1 year ago

Klapsa2503 commented 1 year ago

Any chance in getting support for SSO?

rmak-cpi commented 1 year ago

For me, it is very handy to be able to use aws-sigv4-proxy to get transparent access to services such as OpenSearch locally from my computer. Sadly, it looks like aws-sigv4-proxy (1.7) doesn't seem to be able to pull credentials for signing from sso profile defined in my ~/.aws/config.

time="2023-07-18T23:08:31Z" level=error msg="unable to proxy request" error="NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"

While a similar scenario with an access_key_id/secret profile works just fine.

nomeelnoj commented 1 year ago

Our teams use this for accessing dashboards, because we do not allow anonymous access of any kind to our opensearch clusters, even with IP restrictions. The only way our teams can interact with a UI is through a sig4 signing proxy, and having to always go generate new key/secret key/session token from the UI before running the container is not ideal.

SSO support would be amazing!