// ==Bookmarklet==
// @name AWS Temporary Credentials Bookmarklet
// @author Ryan Jaeger (@rjjaegeraws) , Shea Phillips (@sheaphillips)
// @style !loadOnce https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.min.css
// @script https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
// @script https://code.jquery.com/ui/1.12.1/jquery-ui.js
// @script https://sdk.amazonaws.com/js/aws-sdk-2.663.0.min.js
// ==/Bookmarklet==
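let $myjq = jQuery.noConflict();

// NOTE(review): the @script/@style directives in the header above fetch jQuery,
// jQuery UI and the AWS SDK from public CDNs at click time with no integrity
// pinning. Whoever can serve those URLs runs code in the AWS sign-in page and
// can read the SAML assertion and the credentials this script renders into the
// DOM, so treat the CDN sources as part of the trust boundary.

// Escape a string for literal use inside a RegExp source.
function escapeRegExp(value) {
  return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Locate the SAML provider ARN that the decoded assertion pairs with roleArn.
// The original regex relied on each permitted role appearing as an attribute
// value of the form "<provider-arn>,<role-arn>"; the same shape is matched
// here. The provider part excludes '<', '>', ',' and whitespace so the match
// cannot run across neighbouring attribute values when the IdP emits the XML
// on one line (the original greedy \S+ could). Returns null when no pairing
// for roleArn is present instead of throwing on `found.groups`.
function findProviderArn(decodedAssertion, roleArn) {
  const pairPattern = new RegExp(
    '>(?<provider>arn:aws:iam::\\d+:saml-provider/[^\\s<>,]+),' +
      escapeRegExp(roleArn) +
      '<'
  );
  const found = decodedAssertion.match(pairPattern);
  return found ? found.groups.provider : null;
}

// Build the shell snippet that exports the temporary credentials.
// The region stays hard-coded to ca-central-1 as in the original.
function formatExports(credentials) {
  return [
    'export AWS_ACCESS_KEY_ID="' + credentials.AccessKeyId + '"',
    'export AWS_SECRET_ACCESS_KEY="' + credentials.SecretAccessKey + '"',
    'export AWS_SESSION_TOKEN="' + credentials.SessionToken + '"',
    'export AWS_DEFAULT_REGION=ca-central-1',
    '',
  ].join('\n');
}

// Injects a "Show Temporary Credentials" button next to every role on the AWS
// SAML role-chooser page; clicking one exchanges the page's SAMLResponse for
// STS credentials via AssumeRoleWithSAML and shows them in a dialog.
$myjq(document).ready(function () {
  $myjq('fieldset').before(
    '<div id="dialog" title="AWS Credentials">' +
      '<p>Copy and paste the following commands into your shell to set up your AWS CLI environment variables.</p>' +
      '<pre style="white-space: pre-wrap;word-wrap: break-word;padding: 1rem;">Loading...</pre>' +
      '<button id="copyBtn" type="button" class="click-to-copy">Click to copy</button>' +
      '</div>'
  );
  $myjq('#dialog').dialog({ autoOpen: false, width: '600px' });
  const $output = $myjq('#dialog pre').first();

  // Bound once here rather than inside every STS callback (the original
  // stacked a fresh handler per successful call). Uses the noConflict handle
  // throughout: after jQuery.noConflict() the page's own `$` is not
  // guaranteed to be jQuery, which the original's `$(this)`/`$('#dialog pre')`
  // assumed.
  $myjq('#dialog').on('click', '#copyBtn', function () {
    const $scratch = $myjq('<textarea>');
    $myjq('body').append($scratch);
    $scratch.val($output.text()).select();
    document.execCommand('copy');
    $scratch.remove();
  });

  $myjq('div.saml-role').each(function (index, roleDiv) {
    $myjq('label', roleDiv).before(
      '<button type="button" class="showTempCredsButton" style="margin-right: 10px;" id="showTempCreds_' +
        index +
        '">Show Temporary Credentials</button>'
    );
  });

  const samlResponse = $myjq('#saml_form input[name="SAMLResponse"]').first().val();

  $myjq('button.showTempCredsButton').click(function () {
    $myjq('#dialog').dialog('open');
    $output.text('Loading...');

    const roleArn = $myjq('input', $myjq(this).parent()).first().val();
    if (!samlResponse || !roleArn) {
      $output.text('Error: could not read the SAMLResponse or the role ARN from this page.');
      return;
    }

    let providerArn;
    try {
      // atob throws on a malformed base64 payload; surface it instead of
      // letting the click handler die with an uncaught exception.
      providerArn = findProviderArn(atob(samlResponse), roleArn);
    } catch (decodeErr) {
      console.log(decodeErr);
      $output.text('Error: SAMLResponse is not valid base64.');
      return;
    }
    if (providerArn === null) {
      $output.text('Error: no SAML provider found for role ' + roleArn + ' in the assertion.');
      return;
    }

    const sts = new AWS.STS();
    const params = {
      DurationSeconds: 3600,
      PrincipalArn: providerArn,
      RoleArn: roleArn,
      SAMLAssertion: samlResponse,
    };
    sts.assumeRoleWithSAML(params, function (err, data) {
      if (err) {
        console.log(err, err.stack);
        // .text(), not .html(): the message is copied from the STS response
        // and must never be interpreted as markup.
        $output.text('Error: ' + err.message);
        return;
      }
      // The credentials are live for DurationSeconds and sit in the page DOM
      // from here on; anything else running in this page can read them.
      $output.text(formatExports(data.Credentials));
    });
  });
});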