{"id":25063768,"url":"https://github.com/lenon/aws-cas-credential-process","last_synced_at":"2026-04-29T22:02:59.770Z","repository":{"id":37949973,"uuid":"405720177","full_name":"lenon/aws-cas-credential-process","owner":"lenon","description":"A credential_process for AWS CLI with support for CAS","archived":false,"fork":false,"pushed_at":"2023-03-06T22:40:13.000Z","size":151,"stargazers_count":0,"open_issues_count":9,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-01T17:26:16.756Z","etag":null,"topics":["aws","aws-cli","cas","golang","iam","saml"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lenon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-12T18:20:22.000Z","updated_at":"2022-05-21T04:47:36.000Z","dependencies_parsed_at":"2024-06-21T08:22:02.706Z","dependency_job_id":"1ae43697-454e-43d4-b6b9-cfc157530e09","html_url":"https://github.com/lenon/aws-cas-credential-process","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/lenon/aws-cas-credential-process","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenon%2Faws-cas-credential-process","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenon%2Faws-cas-credential-process/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenon%2Faws-cas-credential-process/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenon%2Faws-cas-credential-process/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lenon","download_url":"https://codeload.github.com/lenon/aws-cas-credential-process/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenon%2Faws-cas-credential-process/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32445555,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T20:22:27.477Z","status":"ssl_error","status_checked_at":"2026-04-29T20:22:26.507Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cli","cas","golang","iam","saml"],"created_at":"2025-02-06T18:45:31.125Z","updated_at":"2026-04-29T22:02:59.733Z","avatar_url":"https://github.com/lenon.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-cas-credential-process\n\n`aws-cas-credential-process` is a [credential process][cred-proc] for AWS CLI.\nIt can be used to authenticate through any CAS SSO that is configured as [SAML\n2.0 identity provider][cas-saml] on AWS.\n\nHow the process works:\n\n1. AWS CLI calls the credential process whenever it requires authentication.\n2. The credential process requests the identity provider using your stored\n   credentials, get the SAML response, and assume role using this response as\n   input.\n3. Assumed role credentials are passed to AWS CLI and then stored temporarily in\n   your system's keyring. They are used again until they expire.\n4. When expired, new credentials will be requested through the identity\n   provider.\n\nCredentials are stored in your system's keyring (Keychain on macOS, GNOME\nKeyring on Linux).\n\nNote (1): this project has been tested with AWS CLI v2. It may work with v1,\nthough.\n\nNote (2): this project has been tested and works for CAS instances configured\nwith [`mfa-duo`][mfa-duo] MFA provider.\n\n## Installation\n\nDownload the latest version:\n\n```\n# macOS (Intel)\ncurl -fsSL https://github.com/lenon/aws-cas-credential-process/releases/latest/download/aws-cas-credential-process-darwin-amd64.tar.gz | tar zxf -\n\n# macOS (ARM)\ncurl -fsSL https://github.com/lenon/aws-cas-credential-process/releases/latest/download/aws-cas-credential-process-darwin-arm64.tar.gz | tar zxf -\n\n# Linux\ncurl -fsSL https://github.com/lenon/aws-cas-credential-process/releases/latest/download/aws-cas-credential-process-linux-amd64.tar.gz | tar zxf -\n```\n\nSee the complete list of precompiled binaries [here][releases].\n\nThen move it anywhere in your PATH:\n\n```\nmv dist/aws-cas-credential-process* /usr/local/bin/aws-cas-credential-process\n```\n\n## Usage\n\nConfigure your credentials:\n\n```\naws-cas-credential-process store\n```\n\nAnd then configure AWS CLI (`~/.aws/config`) with your org's identity provider\nand roles:\n\n```\n[profile sso]\ncredential_process = aws-cas-credential-process login --url 'https://\u003cSSO URL\u003e/cas/idp/profile/SAML2/Unsolicited/SSO?providerId=urn:amazon:webservices' --role-arn 'arn:aws:iam::\u003cAWS ACCOUNT\u003e:role/\u003cROLE NAME\u003e'\n\n[profile myacc1]\nsource_profile = sso\nrole_arn = arn:aws:iam::\u003cAWS ACCOUNT\u003e:role/\u003cROLE NAME\u003e\n\n[profile myacc2]\nsource_profile = sso\nrole_arn = arn:aws:iam::\u003cAWS ACCOUNT\u003e:role/\u003cROLE NAME\u003e\n```\n\nTo test if the authentication works, run the following command:\n\n```\naws sts get-caller-identity --profile myacc1\n```\n\nYou may need to approve your MFA login now.\n\n[mfa-duo]:https://apereo.github.io/cas/5.0.x/installation/Configuring-Multifactor-Authentication.html#duo-security\n[releases]:https://github.com/lenon/aws-cas-credential-process/releases\n[cred-proc]:https://awscli.amazonaws.com/v2/documentation/api/latest/topic/config-vars.html#sourcing-credentials-from-external-processes\n[cas-saml]:https://apereo.github.io/cas/6.4.x/authentication/Configuring-SAML2-Authentication.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flenon%2Faws-cas-credential-process","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flenon%2Faws-cas-credential-process","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flenon%2Faws-cas-credential-process/lists"}