
AWS OpenID Credential Broker

OpenID Based Identity Credential Broker for AWS (Built as an alternative to AWS SSO to support OpenID Federation)


Broker authentication flow

```mermaid
sequenceDiagram;
    participant User;
    participant Broker;
    participant IDP;
    participant AWS;

    User -->> Broker: Login via IDP
    Broker -->> IDP: Forward Auth Request
    IDP -->> Broker: IDP Login Successful
    User -->> Broker: Open AWS Console
    Broker -->> AWS: Request Session
    AWS -->> Broker: Login Successful
    Broker -->> Browser: Open AWS Console
```
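The two AWS-facing steps of the diagram ("Request Session" and "Open AWS Console") are worth seeing in code. The following is an added example, not code from the aws-oidc-broker project, and it assumes the broker exchanges the IdP's ID token for temporary credentials with STS `AssumeRoleWithWebIdentity` and then uses the AWS console federation endpoint (`getSigninToken` / `login`) to open the console; the role ARN, session name and `boto3` availability are assumptions, and the sample credentials are constructed. The important point for a defender: only the short-lived sign-in token reaches the browser, never the credentials themselves, and STS enforces the role's trust policy (audience and subject conditions) on the ID token.

```python
import json
import urllib.parse
import urllib.request

# AWS console federation endpoint (a documented AWS endpoint, not taken from this README)
FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"


def assume_role_with_id_token(role_arn, id_token, session_name, duration_seconds=3600):
    """Step 'Broker -->> AWS: Request Session': exchange the IdP's ID token for
    temporary credentials via STS AssumeRoleWithWebIdentity. STS validates the
    token's signature, expiry and audience against the IAM OIDC provider, so the
    role's trust policy is the real access-control boundary.
    boto3 is imported lazily so the URL helpers below work without it installed."""
    import boto3  # assumption: boto3 is available in the broker's environment

    sts = boto3.client("sts")
    resp = sts.assume_role_with_web_identity(
        RoleArn=role_arn,
        RoleSessionName=session_name,
        WebIdentityToken=id_token,
        DurationSeconds=duration_seconds,
    )
    creds = resp["Credentials"]
    return {
        "AccessKeyId": creds["AccessKeyId"],
        "SecretAccessKey": creds["SecretAccessKey"],
        "SessionToken": creds["SessionToken"],
    }


def session_document(creds):
    """JSON the federation endpoint expects; the key names are fixed by AWS."""
    return json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })


def signin_token_url(creds):
    """URL of the getSigninToken call that turns temporary credentials into a sign-in token."""
    query = urllib.parse.urlencode({"Action": "getSigninToken", "Session": session_document(creds)})
    return f"{FEDERATION_ENDPOINT}?{query}"


def parse_signin_token(body):
    """Extract the token from the getSigninToken JSON response."""
    return json.loads(body)["SigninToken"]


def console_login_url(signin_token, destination="https://console.aws.amazon.com/", issuer="aws-oidc-broker"):
    """Step 'Broker -->> Browser: Open AWS Console': the redirect target for the user's browser.
    Only the sign-in token travels through the browser, not the credentials."""
    query = urllib.parse.urlencode({
        "Action": "login",
        "Issuer": issuer,
        "Destination": destination,
        "SigninToken": signin_token,
    })
    return f"{FEDERATION_ENDPOINT}?{query}"


def _http_get(url):
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def console_url_for_credentials(creds, http_get=_http_get, **login_kwargs):
    """Whole 'Request Session' -> 'Open AWS Console' leg for already-obtained credentials.
    http_get is injectable so the flow can be exercised without network access."""
    token = parse_signin_token(http_get(signin_token_url(creds)))
    return console_login_url(token, **login_kwargs)


if __name__ == "__main__":
    # Constructed sample credentials; real ones come from assume_role_with_id_token().
    sample = {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "example-secret", "SessionToken": "example-token"}
    print(console_url_for_credentials(sample, http_get=lambda _url: '{"SigninToken": "example-signin-token"}'))
```

In a real deployment the broker calls `assume_role_with_id_token` with the ID token it received from Keycloak and passes the result to `console_url_for_credentials`; the redirect URL it returns is what the browser opens.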

Getting Started

Quick Start with docker compose

```shell
docker-compose up -d
```

Prerequisites

  • python3
  • virtualenv
  • docker
  • docker-compose

Installing

A step-by-step series of commands that gets a development environment running.

Clone the Project

```shell
git clone https://github.com/Rishang/aws-oidc-broker.git
```

Initializing virtualenv

```shell
cd aws-oidc-broker
python -m venv venv
source ./venv/bin/activate
```

Installing Dependencies

```shell
pip install -r requirements.txt
```

Configure the .env file, or export the same variables in your shell:

```shell
cp .env.example .env
```

Configure environment variables as required.

Environment Variables for KEYCLOAK integration

| Variable name | Example value | Description | Required |
|---|---|---|---|
| KEYCLOAK_CLIENT_ID | aws-oidc | Client ID | yes |
| KEYCLOAK_CLIENT_SECRET | client-secret | Client Secret | optional |
| KEYCLOAK_WELLKNOWN | https://example.dev/realms/test/.well-known/openid-configuration | Keycloak well-known OpenID URL | yes |
| APP_SECRET | !apppasswd | Optional env variable to set the encryption secret | no |
| TITLE | Example Broker | Title to display on the Broker UI | no |
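The table above gives the variables but not how a broker should check them before trusting an IdP. The following is an added example, not the project's own configuration loader; it enforces the "required" column, insists that `KEYCLOAK_WELLKNOWN` is an HTTPS URL ending in `/.well-known/openid-configuration`, and derives from it the issuer value that ID tokens must carry in their `iss` claim (OIDC Discovery defines the well-known URL as issuer plus that suffix). The default `TITLE`, the minimum-length warning for `APP_SECRET`, and generating a random `APP_SECRET` when none is set are assumptions of this example; the sample environment values are constructed from the table.

```python
import os
import secrets
from urllib.parse import urlparse

WELLKNOWN_SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("KEYCLOAK_CLIENT_ID", "KEYCLOAK_WELLKNOWN")
# Defaults for optional variables; the TITLE default is an assumption, not the project's.
OPTIONAL_DEFAULTS = {"KEYCLOAK_CLIENT_SECRET": None, "TITLE": "AWS OpenID Credential Broker"}
MIN_SECRET_LEN = 16  # assumed threshold for the warning below


class ConfigError(ValueError):
    pass


def expected_issuer(wellknown_url):
    """OIDC Discovery: well-known URL == <issuer> + '/.well-known/openid-configuration',
    so the issuer to require in ID tokens ('iss' claim) follows from the configured URL."""
    parts = urlparse(wellknown_url)
    if parts.scheme != "https":
        raise ConfigError("KEYCLOAK_WELLKNOWN must use https; discovery over http can be tampered with")
    if not parts.path.endswith(WELLKNOWN_SUFFIX):
        raise ConfigError(f"KEYCLOAK_WELLKNOWN must end with {WELLKNOWN_SUFFIX}")
    return wellknown_url[: -len(WELLKNOWN_SUFFIX)]


def load_config(env=None):
    """Validate the broker's environment (a mapping; os.environ by default) and
    return a config dict plus a list of non-fatal warnings."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ConfigError("missing required variables: " + ", ".join(missing))
    cfg = {name: env[name] for name in REQUIRED}
    cfg["ISSUER"] = expected_issuer(cfg["KEYCLOAK_WELLKNOWN"])
    for name, default in OPTIONAL_DEFAULTS.items():
        cfg[name] = env.get(name) or default

    warnings = []
    app_secret = env.get("APP_SECRET")
    if not app_secret:
        # Assumption: fall back to a per-process random secret when none is configured.
        app_secret = secrets.token_urlsafe(32)
        warnings.append("APP_SECRET not set; generated a random one (sessions will not survive a restart)")
    elif len(app_secret) < MIN_SECRET_LEN:
        warnings.append(f"APP_SECRET is shorter than {MIN_SECRET_LEN} characters")
    cfg["APP_SECRET"] = app_secret
    cfg["WARNINGS"] = warnings
    return cfg


if __name__ == "__main__":
    # Constructed sample environment using the example values from the table above.
    sample_env = {
        "KEYCLOAK_CLIENT_ID": "aws-oidc",
        "KEYCLOAK_WELLKNOWN": "https://example.dev/realms/test/.well-known/openid-configuration",
        "APP_SECRET": "!apppasswd",
        "TITLE": "Example Broker",
    }
    loaded = load_config(sample_env)
    print("issuer:", loaded["ISSUER"])
    for warning in loaded["WARNINGS"]:
        print("warning:", warning)
```

Calling `load_config()` with no argument reads `os.environ`, which is the shape the `.env` / `export` setup above produces; the returned `ISSUER` is the value the broker should compare against the `iss` claim of every ID token it accepts.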

Deployment

Add additional notes about how to deploy this on a live system

Built With

  • Flask - The web framework used

  • VueJs - The web framework for building web user interfaces.