Class SAMLRoleProfile
The persisted data for a saml role profile for a user. This profile references an endpoint profile containing the actual endpoint to be used, and adds details of the role to be assumed when the profile is selected.
Optionally the profile can store a username and domain to be used during authentication (default behavior, if this is not specified, is to use the user's default network credentials).
[Obsolete("This class is obsolete and will be removed in a future release. Please use Amazon.Runtime.CredentialProfile. Visit http://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html for further details.")]
public class SAMLRoleProfile : ProfileSettingsBase
- Inheritance
ProfileSettingsBase
SAMLRoleProfile
Properties
EndpointSettings
The endpoint settings from which the actual endpoint to use in authentication is obtained.
public SAMLEndpointSettings EndpointSettings { get; }
Property Value
- SAMLEndpointSettings
Region
For regions with a region-specific endpoint for STS (e.g. cn-north-1) this field can be set to ensure that calls to obtain temporary credentials after successful authentication are forwarded to the correct regional endpoint.
This field does not need to be set when running in a region for which the sts.amazonaws.com endpoint is valid.
public string Region { get; }
Property Value
- string
RoleArn
The ARN of the role that is to be assumed.
public string RoleArn { get; }
Property Value
- string
UseDefaultUserIdentity
If a specific user identity was specified in the profile, returns true to indicate a password needs to be obtained from the user before obtaining network credentials to be used on authentication. The default is to use the credentials associated with the currently logged-in user or process to perform authentication, which does not require the user to be prompted.
public bool UseDefaultUserIdentity { get; }
Property Value
- bool
UserIdentity
If non-default network credentials are to be used, contains the user identity (in domain\user format, domain optional) that should be used to supply credentials when the profile is used in authentication. The user must be prompted to supply the corresponding password prior to authentication.
public string UserIdentity { get; }
Property Value
- string
Methods
CanCreateFrom(ObjectSettings)
Tests if a SAMLRoleProfile instance could be instantiated from the persisted settings data.
public static bool CanCreateFrom(SettingsCollection.ObjectSettings os)
Parameters
os
SettingsCollection.ObjectSettings
The persisted settings.
Returns
- bool
True if the settings are compatible with a SAMLRoleProfile type.
CanCreateFrom(string)
Tests if a SAMLRoleProfile instance could be instantiated from the persisted settings data.
public static bool CanCreateFrom(string profileName)
Parameters
profileName
string
The name given to the persisted settings.
Returns
- bool
True if the settings are compatible with a SAMLRoleProfile type.
GetCurrentSession()
Retrieves the active credential session, if any, associated with the role profile.
public SAMLImmutableCredentials GetCurrentSession()
Returns
- SAMLImmutableCredentials
The current credentials valid for the role specified in the profile. Returns null if no active session is available, or the active session has expired.
Remarks
When a user successfully authenticates and receives temporary AWS credentials for a role, the profile is updated with details of the session. When the profile is loaded by other processes or tools, if session data is present and still valid it can be retrieved using this method avoiding the need to re-authenticate and get additional temporary credentials.
LoadFrom(ObjectSettings)
Instantiates an instance from the supplied settings. In addition to the profile settings, the SDK will look for a RoleSessions.json file containing active session data and, if an entry for the profile is present, will add the session data to the returned profile object.
public static SAMLRoleProfile LoadFrom(SettingsCollection.ObjectSettings os)
Parameters
os
SettingsCollection.ObjectSettings
The persisted settings.
Returns
- SAMLRoleProfile
The profile instance; an exception is thrown if the profile data is invalid.
LoadFrom(string)
Instantiates an instance from settings stored with the specified name.
public static SAMLRoleProfile LoadFrom(string profileName)
Parameters
profileName
string
The name of the endpoint profile.
Returns
- SAMLRoleProfile
The profile instance; an exception is thrown if the profile data does not exist or contains invalid data.
Persist()
Stores the data in the role profile to the backing store file.
public override string Persist()
Returns
- string
Persist(string, string, string, string, string, string)
Registers a role-based profile to be used with SAML authentication. The profile contains details of the role to be assumed when AWS credentials are requested based on the role and a reference to a SAML endpoint profile containing details of the endpoint to be called to authenticate the user.
If user identity information is not supplied then the identity of the logged-in user will be used when authentication is performed against the endpoint referenced in the SAML endpoint profile. If an identity is provided, no password information is stored in the role profile and the user must supply the password for the identity prior to authentication with the endpoint.
public static string Persist(string profileName, string endpointSettingsName, string roleArn, string userIdentity, string session, string region)
Parameters
profileName
string
Name to be assigned to the profile.
endpointSettingsName
string
The name of the settings in the SAML endpoints file containing details of the endpoint to authenticate with.
roleArn
string
The ARN of the role that the user wants to assume when using this profile. This must be one of the set returned by the SAML endpoint when the user authenticates.
userIdentity
string
Optional; can be used to prompt the user for a password for the account when authentication is performed from a system that is not domain-joined.
session
string
Optional; details of the currently active credentials for the role that we want to persist into the profile for other tools or processes to pick up, avoiding the need to continually re-authenticate the user as they switch between tools. The active session, if any, is stored separately from the profile using the file RoleSessions.json.
region
string
Set for profiles intended to be used in regions where a region-specific STS endpoint must be used (e.g. cn-north-1). If left empty/null, the global sts.amazonaws.com endpoint will be used when credentials are obtained for this profile.
Returns
- string
The unique id assigned to the profile.
PersistSession(SAMLImmutableCredentials)
Persists the current credentials to a 'session' key in the RoleSessions.json file. This enables external applications and tools using the same profile to obtain credentials without needing to separately re-authenticate the user prior to expiry of the current credentials. After persisting the session data it can be retrieved using GetCurrentSession().
public void PersistSession(SAMLImmutableCredentials credentials)
Parameters
credentials
SAMLImmutableCredentials
The current credentials valid for the role specified in the profile.
Remarks
Although the credentials are temporary, the stored data is still encrypted at rest in the SDK credential store.
Validate(string)
Validates the contents of the specified profile.
public static void Validate(string profileName)
Parameters
profileName
string
The name of the SAML role profile to validate.
Exceptions
- InvalidDataException
Thrown if the profile settings fail to validate.
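The following is an added example, not code from the SDK or its documentation, tying together Persist, Validate, CanCreateFrom, LoadFrom and GetCurrentSession as described above. It assumes the Amazon.Util and Amazon.Runtime namespaces for these types, an endpoint profile that already exists in the SAML endpoints file, and placeholder profile names, identity and role ARN.

```csharp
using System;
using Amazon.Runtime;   // SAMLImmutableCredentials (assumed namespace)
using Amazon.Util;      // SAMLRoleProfile (assumed namespace)

// Added example, not part of the SDK documentation. Registers a SAML role
// profile with an explicit user identity (so no password is ever written to
// the profile) and then checks whether a still-valid cached session exists.
public static class SamlRoleProfileExample
{
    // Placeholder values: replace with your own endpoint profile name and role ARN.
    const string ProfileName = "example-saml-role";
    const string EndpointProfile = "example-saml-endpoint"; // must already be in the SAML endpoints file
    const string RoleArn = "arn:aws:iam::123456789012:role/EXAMPLE-ROLE";

    public static SAMLImmutableCredentials RegisterAndGetSession()
    {
        // A userIdentity means the user is prompted for the password at
        // authentication time; the password itself is never persisted.
        // session is null because no credentials exist yet; region is null so
        // the global sts.amazonaws.com endpoint is used.
        string id = SAMLRoleProfile.Persist(
            profileName: ProfileName,
            endpointSettingsName: EndpointProfile,
            roleArn: RoleArn,
            userIdentity: "EXAMPLEDOMAIN\\alice",
            session: null,
            region: null);

        // Fail fast on a malformed profile rather than at the first credential request.
        SAMLRoleProfile.Validate(ProfileName); // throws InvalidDataException on failure

        if (!SAMLRoleProfile.CanCreateFrom(ProfileName))
            throw new InvalidOperationException("Stored settings are not a SAML role profile.");

        SAMLRoleProfile profile = SAMLRoleProfile.LoadFrom(ProfileName);
        if (!string.IsNullOrEmpty(profile.UserIdentity))
            Console.WriteLine($"Profile {id} will prompt for the password of {profile.UserIdentity}.");

        // Null means no session is cached in RoleSessions.json, or it has expired,
        // so the caller must authenticate against the SAML endpoint before use.
        SAMLImmutableCredentials session = profile.GetCurrentSession();
        if (session == null)
            Console.WriteLine("No valid cached session; authentication against the SAML endpoint is required.");
        return session;
    }
}
```

After a successful authentication the caller would hand the resulting credentials to PersistSession so that other tools sharing the profile can reuse them until they expire.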