Merge pull request #664 from noissefnoc/feature/add-auth0-provider-wo…

…-mfa Add Auth0 provider (without MFA support)
Versent · May 27, 2021 · beaaece · beaaece
2 parents 3828232 + 4978ea0
commit beaaece
Show file tree

Hide file tree

Showing 7 changed files with 1,203 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -53,6 +53,7 @@ The process goes something like this:
   * OneLogin
   * NetIQ
   * Browser, this uses [playwright-go](github.com/mxschmitt/playwright-go) to run a sandbox chromium window.
+  * [Auth0](pkg/provider/auth0/README.md) NOTE: Currently, MFA not supported
 * AWS SAML Provider configured
 
 ## Caveats

diff --git a/cmd/saml2aws/main.go b/cmd/saml2aws/main.go
@@ -69,7 +69,7 @@ func main() {
 	commonFlags := new(flags.CommonFlags)
 	app.Flag("config", "Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)").Envar("SAML2AWS_CONFIGFILE").StringVar(&commonFlags.ConfigFile)
 	app.Flag("idp-account", "The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)").Envar("SAML2AWS_IDP_ACCOUNT").Short('a').Default("default").StringVar(&commonFlags.IdpAccount)
-	app.Flag("idp-provider", "The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)").Envar("SAML2AWS_IDP_PROVIDER").EnumVar(&commonFlags.IdpProvider, "Akamai", "AzureAD", "ADFS", "ADFS2", "GoogleApps", "Ping", "JumpCloud", "Okta", "OneLogin", "PSU", "KeyCloak", "F5APM", "Shibboleth", "ShibbolethECP", "NetIQ")
+	app.Flag("idp-provider", "The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)").Envar("SAML2AWS_IDP_PROVIDER").EnumVar(&commonFlags.IdpProvider, "Akamai", "AzureAD", "ADFS", "ADFS2", "GoogleApps", "Ping", "JumpCloud", "Okta", "OneLogin", "PSU", "KeyCloak", "F5APM", "Shibboleth", "ShibbolethECP", "NetIQ", "Auth0")
 	app.Flag("mfa", "The name of the mfa. (env: SAML2AWS_MFA)").Envar("SAML2AWS_MFA").StringVar(&commonFlags.MFA)
 	app.Flag("skip-verify", "Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)").Envar("SAML2AWS_SKIP_VERIFY").Short('s').BoolVar(&commonFlags.SkipVerify)
 	app.Flag("url", "The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)").Envar("SAML2AWS_URL").StringVar(&commonFlags.URL)

diff --git a/pkg/provider/auth0/README.md b/pkg/provider/auth0/README.md
@@ -0,0 +1,33 @@
+## Auth0 Provider
+
+* https://auth0.com/
+
+## Instructions
+
+You need the SAML policy ID for the AWS account and Auth0 issues URL like below:
+
+```
+https://<YOUR_TENANT_NAME>.auth0.com/samlp/<AUTH0_CLIENT_ID>
+```
+
+Example config:
+
+```ini
+[default]
+url                  = https://<YOUR_TENANT_NAME>.auth0.com/samlp/<AUTH0_CLIENT_ID>
+username             = <YOUR_USRNAME>
+provider             = Auth0
+skip_verify          = false
+timeout              = 0
+aws_urn              = urn:amazon:webservices
+aws_session_duration = 3600
+aws_profile          = <AWS_PROFILE_NAME_FOR_DEFAULT_USE>
+```
+
+## Features
+
+* Currently, this provider does not support MFA.
+
+## More details
+
+* https://auth0.com/docs/protocols/saml-protocol/saml-configuration-options/configure-saml2-web-app-addon-for-aws