SAML Federated authentication with Amazon Web Services

I’ve started using Keycloak for most of the internal authentication on my home network recently via OIDC, and I’ve started to extend that outwards to other services so I have a single-sign-on experience.

One of the services I’ve started using this with is Amazon Web Services, which provides SAML authentication into IAM roles.

It’s not the most straightforward of things to set up with Keycloak as the identity provider – there are a few defaults in Keycloak which will stand in your way. I’ve tried my best to document this below, in case it helps anyone else out.

One major benefit of using SAML is that you can manage your users outside of AWS in whatever identity provider you already have. You can assign roles to groups, and so control which AWS accounts, and at which permission level, users have access to by telling Keycloak the AWS roles; Keycloak then passes on to AWS the information about which roles are authorised. AWS then prompts the user to choose the role they wish to log in with (if there is more than one).
