<h1>Corporate Identity Federation</h1>

<p>Testprep Training Tutorials, AWS Certified DevOps Engineer Professional. Published 2019-08-23, last modified 2020-05-02.</p>

<ul class="wp-block-list"><li>Federation lets you use an existing corporate identity store for AWS access instead of creating an IAM user per person. Options:<ul><li>AWS Directory Service</li><li>SAML 2.0</li><li>a custom federation proxy</li></ul></li><li>Access is role-based: the federated identity is mapped to an IAM role, not to a permanent IAM user.</li><li>Access is temporary: the credentials are issued by STS through GetFederationToken, sts:AssumeRole or sts:AssumeRoleWithSAML.</li><li>AssumeRole session: min 15 minutes, default 1 hour, max up to the role's configured maximum session duration (1 to 12 hours; 1 hour when role chaining). GetFederationToken session for an IAM user caller: min 15 minutes, default 12 hours, max 36 hours.</li><li>Separates responsibilities (the directory owns identity and group membership, AWS owns the role's permissions) and minimises admin overhead: no per-user IAM users and no long-term access keys to rotate.</li></ul>

<p><strong>Custom Proxy &#8211; Console &#8211; AssumeRole</strong></p>

<ul class="wp-block-list"><li>The corporate user browses to the federation proxy (e.g. fedproxy.domain.com).</li><li>The proxy authenticates the user against LDAP (the corporate directory).</li><li>The proxy reads the user's group memberships from the directory.</li><li>The proxy works out which roles those groups entitle the user to (its own group-to-role mapping, optionally checked against iam:ListRoles; STS has no list-roles operation).</li><li>The user selects the role for this session.</li><li>The proxy calls sts:AssumeRole for that role using its own IAM credentials.</li><li>STS returns temporary credentials (access key, secret key, session token).</li><li>The proxy exchanges the credentials for a sign-in token at the federation endpoint (https://signin.aws.amazon.com/federation, Action=getSigninToken), builds a console login URL (Action=login) and redirects the user to it.</li><li>The user follows the URL and lands in the AWS Management Console as the assumed role.</li></ul>

<p><strong>Custom Proxy &#8211; API &#8211; GetFederationToken</strong></p>

<ul class="wp-block-list"><li>A corporate application calls the federation proxy.</li><li>The proxy authenticates the application against LDAP.</li><li>The directory returns the application's entitlements to the proxy.</li><li>The proxy calls sts:GetFederationToken with its IAM user's long-term credentials, passing a federated user name and a session policy derived from the entitlements. The session's effective permissions are the intersection of the IAM user's policy and that session policy; without a session policy the federated session has no permissions.</li><li>STS returns temporary credentials for the federated session.</li><li>The application uses those credentials to call AWS APIs directly for the life of the session.</li></ul>

<p>Both custom-proxy flows need an IAM user whose long-term credentials the proxy holds; GetFederationToken in particular cannot be called with temporary credentials. GetFederationToken does not support MFA.</p>

<p><strong>SAML &#8211; Console &#8211; AssumeRoleWithSAML</strong></p>

<ul class="wp-block-list"><li>The corporate user signs in at AD FS (the identity provider).</li><li>AD FS authenticates the user against the directory.</li><li>AD FS issues a signed SAML assertion whose attributes carry the roles derived from the user's group membership (Role and RoleSessionName attributes).</li><li>The browser posts the assertion to the AWS sign-in endpoint (https://signin.aws.amazon.com/saml).</li><li>The sign-in endpoint calls sts:AssumeRoleWithSAML with the assertion and the chosen role.</li><li>STS validates the assertion's signature against the SAML provider registered in IAM and returns temporary credentials.</li><li>The sign-in endpoint builds the console URL.</li><li>The corporate user is redirected to the AWS Management Console.</li><li>No dedicated federation proxy to maintain: AssumeRoleWithSAML needs no AWS credentials to call, so the IdP holds no IAM user keys and needs no IAM permissions; trust rests on the IdP signing certificate registered with the IAM SAML provider.</li></ul>
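<p>The custom-proxy console flow above, as an added example that is not code from the original page or from AWS: the proxy maps directory groups to roles it is allowed to hand out (so a user can only pick from roles his groups entitle him to), calls sts:AssumeRole with a validated session duration, then turns the temporary credentials into a console login URL through the federation endpoint. The group-to-role mapping, the account id 123456789012, the role names and the issuer fedproxy.example.com are assumptions for illustration; only the STS and federation-endpoint calls touch the network, and boto3 is imported lazily so the rest runs stand-alone.</p>

```python
"""Federation proxy, console flow: groups -> role -> sts:AssumeRole -> console URL.

Added example (not the page's code). ROLE_MAPPING, the account id and the
issuer URL are assumed values for illustration.
"""
import json
import urllib.parse
import urllib.request

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"
CONSOLE_URL = "https://console.aws.amazon.com/"

# Assumed proxy-side mapping of directory groups to the only roles it may issue.
ROLE_MAPPING = {
    "aws-readonly": "arn:aws:iam::123456789012:role/ReadOnly",
    "aws-devops": "arn:aws:iam::123456789012:role/DevOps",
}

ASSUME_ROLE_MIN_SECONDS = 900     # 15 minutes
ASSUME_ROLE_MAX_SECONDS = 43200   # 12 hours; the role's own MaxSessionDuration may be lower


def roles_for_groups(groups, mapping=ROLE_MAPPING):
    """Roles the user may choose from: only those his directory groups map to."""
    return sorted({mapping[g] for g in groups if g in mapping})


def duration_is_valid(seconds):
    return ASSUME_ROLE_MIN_SECONDS <= seconds <= ASSUME_ROLE_MAX_SECONDS


def validate_duration(seconds):
    """Reject durations STS would refuse before making the call."""
    if not duration_is_valid(seconds):
        raise ValueError(f"DurationSeconds {seconds} outside "
                         f"{ASSUME_ROLE_MIN_SECONDS}..{ASSUME_ROLE_MAX_SECONDS}")
    return seconds


def session_json(creds):
    """The JSON document the federation endpoint expects in the Session parameter."""
    return json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })


def signin_token_url(creds, session_duration=None):
    """Action=getSigninToken URL; SessionDuration only applies to GetFederationToken creds."""
    params = {"Action": "getSigninToken", "Session": session_json(creds)}
    if session_duration is not None:
        params["SessionDuration"] = str(session_duration)
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(params)


def console_login_url(signin_token, issuer="https://fedproxy.example.com",
                      destination=CONSOLE_URL):
    """Action=login URL the proxy redirects the browser to."""
    params = {"Action": "login", "Issuer": issuer,
              "Destination": destination, "SigninToken": signin_token}
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(params)


def query_params(url):
    """Decode a URL's query string into a dict (used for inspection and tests)."""
    return dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(url).query))


def assume_role(role_arn, session_name, duration_seconds=3600):
    """sts:AssumeRole with the proxy's own IAM credentials (network call)."""
    import boto3  # lazy import: the pure functions above run without boto3
    resp = boto3.client("sts").assume_role(
        RoleArn=role_arn,
        RoleSessionName=session_name,  # shows up in CloudTrail as the human user
        DurationSeconds=validate_duration(duration_seconds),
    )
    return resp["Credentials"]


def fetch_signin_token(creds):
    """Exchange temporary credentials for a federation sign-in token (network call)."""
    with urllib.request.urlopen(signin_token_url(creds)) as resp:
        return json.loads(resp.read())["SigninToken"]


def console_url_for(user_name, groups, chosen_role):
    """End-to-end: enforce the mapping, assume the role, build the redirect URL."""
    if chosen_role not in roles_for_groups(groups):
        raise PermissionError(f"{user_name} is not entitled to {chosen_role}")
    creds = assume_role(chosen_role, user_name)
    return console_login_url(fetch_signin_token(creds))
```

<p>The entitlement check in console_url_for is the security-relevant line: the proxy's IAM user can typically assume every role in the mapping, so the proxy, not STS, is what stops a read-only user from picking the DevOps role.</p>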
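<p>The SAML flow above, as an added example that is not code from the original page, AWS or AD FS: what the AWS sign-in endpoint (or a CLI client, which may call sts:AssumeRoleWithSAML directly) does with the posted SAMLResponse. It decodes the base64 assertion, pulls the Role attribute values (role ARN and SAML provider ARN pairs, accepted in either order), the single required RoleSessionName and the optional SessionDuration, lets the caller choose one of the offered roles, and only then calls sts:AssumeRoleWithSAML. The embedded assertion is constructed and unsigned; the account id, role names, provider name CorpADFS and AD FS issuer are assumptions. Signature validation is done by STS against the SAML provider registered in IAM, not by this client.</p>

```python
"""Client side of AssumeRoleWithSAML: parse the assertion, pick a role, call STS.

Added example (not the page's code). The SAML document below is constructed
and unsigned; ARNs and hostnames are assumed values for illustration.
"""
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
           "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_NAME_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
DURATION_ATTR = "https://aws.amazon.com/SAML/Attributes/SessionDuration"

# Constructed sample assertion: two roles, one session name, a 1-hour duration.
SAMPLE_SAML_RESPONSE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">'
    '<saml:Assertion ID="_a1" Version="2.0">'
    '<saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>'
    '<saml:AttributeStatement>'
    '<saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">'
    '<saml:AttributeValue>arn:aws:iam::123456789012:role/DevOps,'
    'arn:aws:iam::123456789012:saml-provider/CorpADFS</saml:AttributeValue>'
    '<saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/CorpADFS,'
    'arn:aws:iam::123456789012:role/ReadOnly</saml:AttributeValue>'
    '</saml:Attribute>'
    '<saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">'
    '<saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/SessionDuration">'
    '<saml:AttributeValue>3600</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
# What the browser actually posts: the base64-encoded SAMLResponse form field.
SAMPLE_SAML_RESPONSE = base64.b64encode(SAMPLE_SAML_RESPONSE_XML.encode()).decode()


def attribute_values(root, name):
    """All AttributeValue texts for the saml:Attribute with the given Name."""
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == name:
            return [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS)
                    if v.text and v.text.strip()]
    return []


def parse_role_value(value):
    """Split 'role_arn,provider_arn' (either order) into (role_arn, provider_arn)."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        raise ValueError(f"malformed Role attribute value: {value!r}")
    role = next((p for p in parts if ":role/" in p), None)
    provider = next((p for p in parts if ":saml-provider/" in p), None)
    if role is None or provider is None:
        raise ValueError(f"Role value needs one role ARN and one provider ARN: {value!r}")
    return role, provider


def parse_saml_response(b64_response):
    """Decode the SAMLResponse and extract what AssumeRoleWithSAML needs."""
    root = ET.fromstring(base64.b64decode(b64_response))
    roles = [parse_role_value(v) for v in attribute_values(root, ROLE_ATTR)]
    names = attribute_values(root, SESSION_NAME_ATTR)
    if len(names) != 1:
        raise ValueError("assertion must carry exactly one RoleSessionName")
    durations = attribute_values(root, DURATION_ATTR)
    return {"roles": roles, "session_name": names[0],
            "duration": int(durations[0]) if durations else None}


def choose_role(parsed, wanted_role_arn=None):
    """Pick the (role, provider) pair; several offered roles need an explicit choice."""
    roles = parsed["roles"]
    if not roles:
        raise ValueError("assertion offers no roles")
    if wanted_role_arn is None:
        if len(roles) == 1:
            return roles[0]
        raise ValueError("several roles offered; the user must choose one")
    for pair in roles:
        if pair[0] == wanted_role_arn:
            return pair
    raise ValueError(f"{wanted_role_arn} is not among the roles the IdP asserted")


def assume_role_with_saml(b64_response, wanted_role_arn=None):
    """sts:AssumeRoleWithSAML (network call); needs no AWS credentials of its own."""
    import boto3  # lazy import: parsing above runs without boto3
    parsed = parse_saml_response(b64_response)
    role_arn, provider_arn = choose_role(parsed, wanted_role_arn)
    kwargs = {"RoleArn": role_arn, "PrincipalArn": provider_arn,
              "SAMLAssertion": b64_response}
    if parsed["duration"]:
        kwargs["DurationSeconds"] = parsed["duration"]
    return boto3.client("sts").assume_role_with_saml(**kwargs)["Credentials"]
```

<p>The client never trusts the parsed role list for authorisation; it only uses it to choose. STS re-reads the same assertion, verifies the IdP signature and checks that the chosen role's trust policy names the provider, so a client that edits the Role attribute gains nothing.</p>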