artifacts/oci/aws-global-oidc-broker
dependabot[bot] 9d91d01a3a build(deps): bump urllib3 in /oci/aws-global-oidc-broker
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to 1.26.17.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.14...1.26.17)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-03 03:02:17 +00:00
.vscode add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
broker add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
device add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
docs add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
.dockerignore add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
.editorconfig add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
.env.example add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
.gitignore add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
CODE_OF_CONDUCT.md add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
docker-compose.debug.yml add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
docker-compose.yml add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
Dockerfile add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
LICENSE add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
mkdocs.yml add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
poetry.lock build(deps): bump urllib3 in /oci/aws-global-oidc-broker 2023-10-03 03:02:17 +00:00
poetry.toml add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
pyproject.toml add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
README.md add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00
requirements.mkdocs.txt add aws-global-oidc-broker & aws-cn-oidc-broker 2023-04-12 21:24:53 +08:00

AWS OpenID Credential Broker

OpenID Based Identity Credential Broker for AWS (Built as an alternative to AWS SSO to support OpenID Federation)

demo image

Broker authentication flow

sequenceDiagram;

participant User;
participant Broker;
participant IDP;
participant AWS;

User -->> Broker: Login via IDP
Broker -->> IDP: Forward Auth Request
IDP -->> Broker: IDP Login Successful
User -->> Broker: Open AWS Console
Broker -->> AWS: Request Session
AWS -->> Broker: Login Successful
Broker -->> Browser: Open AWS Console
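
The last three steps of the flow above, sketched as an added example (not code from this repository). It assumes the broker already holds temporary STS credentials for the user's role and opens the console through AWS's documented federation sign-in endpoint; the function names and sample values are constructed for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit

FEDERATION = "https://signin.aws.amazon.com/federation"  # global partition
CONSOLE_HOST = "console.aws.amazon.com"


def signin_token_request(creds: dict, duration: int = 3600) -> str:
    """'Broker -> AWS: Request Session': URL the broker fetches server-side
    to trade temporary STS credentials for a console SigninToken."""
    missing = {"AccessKeyId", "SecretAccessKey", "SessionToken"} - creds.keys()
    if missing:
        # Long-lived IAM user keys have no SessionToken; refuse to federate them.
        raise ValueError(f"not temporary credentials, missing {sorted(missing)}")
    if not 900 <= duration <= 43200:
        raise ValueError("SessionDuration must be 900..43200 seconds")
    session = json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })
    # This URL embeds the secret key: never log it or hand it to the browser.
    return FEDERATION + "?" + urlencode(
        {"Action": "getSigninToken", "SessionDuration": duration, "Session": session})


def console_login_url(signin_token: str, issuer: str,
                      destination: str = f"https://{CONSOLE_HOST}/") -> str:
    """'Broker -> Browser: Open AWS Console': the redirect sent to the user."""
    parts = urlsplit(destination)
    host = parts.hostname or ""
    if parts.scheme != "https" or not (
            host == CONSOLE_HOST or host.endswith("." + CONSOLE_HOST)):
        raise ValueError("Destination must be an https AWS console URL")
    return FEDERATION + "?" + urlencode({
        "Action": "login", "Issuer": issuer,
        "Destination": destination, "SigninToken": signin_token})


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "constructed-secret",
              "SessionToken": "constructed-session-token"}
    print(signin_token_request(sample, 900).split("Session=")[0] + "Session=<redacted>")
    print(console_login_url("constructed-signin-token", "https://broker.example"))
```

The broker would fetch the first URL itself, read `SigninToken` from the JSON response, and redirect the user only to the second URL.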

Getting Started

Quick Start with docker compose

docker-compose up -d

Prerequisites

  • python3
  • virtualenv
  • docker
  • docker-compose

Installing

A step-by-step series of examples that show how to get a development environment running.

Clone the Project

git clone https://github.com/Rishang/aws-oidc-broker.git

Initializing virtualenv

cd aws-oidc-broker
python -m venv venv
source ./venv/bin/activate

Installing Dependencies

pip install -r requirements.txt

Configure the .env file, or export the variables in your shell

cp .env.example .env

Configure environment variables as required.

Environment Variables for KEYCLOAK integration

| VARIABLE NAME | Example VALUE | DESCRIPTION | REQUIRED |
|---|---|---|---|
| KEYCLOAK_CLIENT_ID | aws-oidc | Client ID | yes |
| KEYCLOAK_WELLKNOWN | https://example.dev/realms/test/.well-known/openid-configuration | Keycloak well-known openid URL | yes |
| APP_SECRET | !apppasswd | optional env variable to set encryption secret | no |
| TITLE | Example Broker | Title to display on Broker UI | no |

Deployment

Add additional notes about how to deploy this on a live system

Built With

  • Flask - The web framework used

  • VueJs - The web framework for building web user interfaces.