OpenID Based Identity Credential Broker for AWS (Built as an alternative to AWS SSO to support OpenID Federation)
sequenceDiagram;
participant User;
participant Broker;
participant IDP;
participant AWS;
User -->> Broker: Login via IDP
Broker -->> IDP: Forward Auth Request
IDP -->> Broker: IDP Login Successful
User -->> Broker: Open AWS Console
Broker -->> AWS: Request Session
AWS -->> Broker: Login Successfull
Broker -->> Browser: Open AWS Console
Quick Start with docker compose
docker-compose up -d
- python3
- virtualenv
- docker
- docker-compose
A step by step series of examples that tell you how to get a development env running
Clone the Project
git clone https://github.com/Rishang/aws-oidc-broker.git
Initialzing virtualenv
cd aws-oidc-broker
python -m venv venv
source ./venv/bin/activate
Installing Dependencies
pip install -r requirements.txt
Configure .env file or perform export of those variables
cp .env.example .env
Configure environment variables as required.
VARIABLE NAME | Example VALUE | DESCRIPTION | REQUIRED |
---|---|---|---|
KEYCLOAK_CLIENT_ID |
aws-oidc |
Client ID | yes |
KEYCLOAK_CLIENT_SECRET |
client-secret |
Client Secret | optional |
KEYCLOAK_WELLKNOWN |
https://example.dev/realms/test/.well-known/openid-configuration |
Keycloak well-known openid URL | yes |
APP_SECRET |
!apppasswd |
optional env variable to set encrytion secret | no |
TITLE |
Example Broker |
Title to display on Broker UI | no |
Add additional notes about how to deploy this on a live system