https://github.com/rishang/aws-oidc-broker
OpenID Based Credential Broker for AWS IAM role (Built as an alternative to AWS SSO to support OpenID Federation)
aws credentials federation iam keycloak openid-connect
- Host: GitHub
- URL: https://github.com/rishang/aws-oidc-broker
- Owner: Rishang
- License: gpl-3.0
- Created: 2022-03-19T10:46:00.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2024-10-30T19:26:10.000Z (over 1 year ago)
- Last Synced: 2025-04-15T04:17:32.951Z (about 1 year ago)
- Topics: aws, credentials, federation, iam, keycloak, openid-connect
- Language: Python
- Homepage: https://rishang.github.io/aws-oidc-broker/
- Size: 1.65 MB
- Stars: 6
- Watchers: 3
- Forks: 2
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
# AWS OpenID Credential Broker
OpenID Based Identity Credential Broker for AWS (Built as an alternative to AWS SSO to support OpenID Federation)

## Broker authentication flow
```mermaid
sequenceDiagram;
participant User;
participant Broker;
participant IDP;
participant AWS;
User -->> Broker: Login via IDP
Broker -->> IDP: Forward Auth Request
IDP -->> Broker: IDP Login Successful
User -->> Broker: Open AWS Console
Broker -->> AWS: Request Session
AWS -->> Broker: Login Successful
Broker -->> User: Open AWS Console
```
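The diagram leaves the two Broker/AWS legs abstract. The following is an added example (not the project's code) that writes them out in plain Python. Because the README does not say how the broker talks to AWS, it assumes the standard mechanism for an OIDC credential broker: the IdP's ID token is exchanged for temporary IAM role credentials with STS `AssumeRoleWithWebIdentity`, and those credentials are turned into a console session through the AWS sign-in federation endpoint (`getSigninToken`, then a `login` URL) as documented by AWS. The role ARN, session name and issuer URL are placeholders, and `DemoSTS` returns constructed credentials so the block runs offline.

```python
"""Added example, not the project's code: the broker-to-AWS legs of the
sequence diagram, in plain Python.  Assumes AssumeRoleWithWebIdentity plus
the AWS sign-in federation endpoint; names marked below are placeholders."""
import json
import urllib.parse

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"
CONSOLE_URL = "https://console.aws.amazon.com/"


def request_session(sts_client, role_arn: str, id_token: str,
                    session_name: str, duration: int = 3600) -> dict:
    """'Broker -->> AWS: Request Session'.

    STS checks the token's signature, issuer and audience against the IAM
    OIDC identity provider registered for that issuer, so the broker holds
    no long-lived AWS keys: the ID token itself is the credential.
    sts_client is a boto3 STS client (DemoSTS below has the same method).
    """
    resp = sts_client.assume_role_with_web_identity(
        RoleArn=role_arn,
        RoleSessionName=session_name,
        WebIdentityToken=id_token,
        DurationSeconds=duration,
    )
    return resp["Credentials"]


def session_document(creds: dict) -> str:
    """JSON the federation endpoint expects in its Session parameter."""
    return json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })


def signin_token_url(creds: dict) -> str:
    """'AWS -->> Broker: Login Successful' is the reply to this request.

    The secret key and session token travel in the query string, so the
    broker must make this call server-side and keep it out of access logs;
    it is never a URL to hand to the user's browser."""
    query = urllib.parse.urlencode({
        "Action": "getSigninToken",
        "Session": session_document(creds),
    })
    return f"{FEDERATION_ENDPOINT}?{query}"


def console_login_url(signin_token: str, issuer: str,
                      destination: str = CONSOLE_URL) -> str:
    """'Broker -->> User: Open AWS Console': the redirect the user receives.

    The SigninToken is short-lived but still a bearer credential: deliver
    it only as this one redirect, never in a page body or a log line."""
    query = urllib.parse.urlencode({
        "Action": "login",
        "Issuer": issuer,
        "Destination": destination,
        "SigninToken": signin_token,
    })
    return f"{FEDERATION_ENDPOINT}?{query}"


def open_console(sts_client, http_get, role_arn: str, id_token: str,
                 session_name: str, issuer: str) -> str:
    """Whole broker side of the diagram: ID token in, console URL out.

    http_get(url) -> response body; in production that is an HTTPS GET
    (requests/urllib) against the federation endpoint."""
    creds = request_session(sts_client, role_arn, id_token, session_name)
    body = json.loads(http_get(signin_token_url(creds)))
    return console_login_url(body["SigninToken"], issuer)


def query_params(url: str) -> dict:
    """Helper for inspecting the URLs above (single-valued query string)."""
    parsed = urllib.parse.urlparse(url)
    return {k: v[0] for k, v in urllib.parse.parse_qs(parsed.query).items()}


class DemoSTS:
    """Stand-in for boto3's STS client; returns constructed credentials."""

    def assume_role_with_web_identity(self, **kwargs):
        assert kwargs["WebIdentityToken"], "an ID token is required"
        return {"Credentials": {
            "AccessKeyId": "ASIAEXAMPLE",
            "SecretAccessKey": "constructed-secret",
            "SessionToken": "constructed-session-token",
        }}


def demo_http_get(url: str) -> str:
    """Stand-in for the federation endpoint's getSigninToken reply."""
    return '{"SigninToken": "constructed-signin-token"}'
```

`Issuer` should be the broker's own URL: the console shows it as the link to sign in again once the session expires, so pointing it anywhere else sends users to the wrong login page.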
## Getting Started
Quick Start with docker compose
```bash
docker-compose up -d
```
### Prerequisites
- python3
- virtualenv
- docker
- docker-compose
### Installing
A step-by-step series of commands that gets a development environment running.
Clone the Project
```bash
git clone https://github.com/Rishang/aws-oidc-broker.git
```
Initializing virtualenv
```bash
cd aws-oidc-broker
python -m venv venv
source ./venv/bin/activate
```
Installing Dependencies
```bash
pip install -r requirements.txt
```
Create a `.env` file (or export the same variables in your shell):
```bash
cp .env.example .env
```
Configure environment variables as required.
## Environment Variables for KEYCLOAK integration
| VARIABLE NAME | Example VALUE | DESCRIPTION | REQUIRED |
| --- | --- | --- | --- |
| `KEYCLOAK_CLIENT_ID` | `aws-oidc`| Client ID | yes |
| `KEYCLOAK_CLIENT_SECRET` | `client-secret` | Client secret (omit if the Keycloak client is public) | optional |
| `KEYCLOAK_WELLKNOWN` | `https://example.dev/realms/test/.well-known/openid-configuration` | Keycloak well-known openid URL | yes |
| `APP_SECRET` | `!apppasswd` | Encryption secret used by the broker; use a long random value, not the example | no |
| `TITLE` | `Example Broker` | Title to display on Broker UI | no |
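The table says what each variable is, not what the broker has to do with it. The following is an added example (not the project's code) of the checks a broker built on these variables needs before it trusts an ID token: load the configuration, fetch the endpoints from the well-known document, and verify the token's claims against the discovered issuer and `KEYCLOAK_CLIENT_ID`. The discovery document is a constructed sample in the shape Keycloak serves; the token claims are constructed too. Signature verification is assumed to be done by a JWT library keyed from the document's `jwks_uri` and is not shown.

```python
"""Added example, not the project's code: configuration loading, OIDC
discovery and ID token claim checks for a broker using the variables in
the table.  The discovery document and claims are constructed samples."""
import json
import os
import time

REQUIRED = ("KEYCLOAK_CLIENT_ID", "KEYCLOAK_WELLKNOWN")
OPTIONAL = {
    "KEYCLOAK_CLIENT_SECRET": None,      # absent => public client
    "APP_SECRET": None,
    "TITLE": "AWS OpenID Credential Broker",
}


def load_config(env=None) -> dict:
    """Read the table's variables; fail early on a missing required one."""
    env = os.environ if env is None else env
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise RuntimeError("missing required variables: " + ", ".join(missing))
    cfg = {k: env[k] for k in REQUIRED}
    cfg.update({k: env.get(k, d) for k, d in OPTIONAL.items()})
    # Discovery over plain http would let an on-path attacker hand the
    # broker a different issuer and jwks_uri, and with them any token.
    if not cfg["KEYCLOAK_WELLKNOWN"].startswith("https://"):
        raise RuntimeError("KEYCLOAK_WELLKNOWN must be an https URL")
    return cfg


# Constructed sample of the document Keycloak serves at the well-known URL.
SAMPLE_WELLKNOWN = json.dumps({
    "issuer": "https://example.dev/realms/test",
    "authorization_endpoint": "https://example.dev/realms/test/protocol/openid-connect/auth",
    "token_endpoint": "https://example.dev/realms/test/protocol/openid-connect/token",
    "jwks_uri": "https://example.dev/realms/test/protocol/openid-connect/certs",
    "id_token_signing_alg_values_supported": ["RS256"],
})


def discover(wellknown_json: str) -> dict:
    """Parse the discovery document and insist on the fields the broker uses."""
    doc = json.loads(wellknown_json)
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key not in doc:
            raise ValueError(f"discovery document lacks {key}")
    return doc


def check_id_token_claims(claims: dict, discovery: dict, client_id: str,
                          now=None, leeway: int = 60) -> str:
    """Claim checks from OpenID Connect Core 3.1.3.7; returns the subject.

    Runs after signature verification.  iss ties the token to the realm we
    discovered, aud to the KEYCLOAK_CLIENT_ID we were issued: a valid token
    minted for some other client in the same realm must not open a console.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != discovery["issuer"]:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in aud:
        raise ValueError("token not issued for this client")
    if "azp" in claims and claims["azp"] != client_id:
        raise ValueError("authorized party is not this client")
    if len(aud) > 1 and "azp" not in claims:
        raise ValueError("multiple audiences without azp")
    if claims.get("exp", 0) + leeway < now:
        raise ValueError("token expired")
    if claims.get("iat", 0) - leeway > now:
        raise ValueError("token issued in the future")
    if not claims.get("sub"):
        raise ValueError("no subject")
    return claims["sub"]


def id_token_accepted(claims: dict, discovery: dict, client_id: str, now=None) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        check_id_token_claims(claims, discovery, client_id, now)
        return True
    except ValueError:
        return False
```

The audience check is the one most often skipped: Keycloak signs every client's tokens with the same realm key, so a token that merely verifies against `jwks_uri` proves only that the realm issued it, not that it was issued to this broker.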
## Deployment
Add additional notes about how to deploy this on a live system
## Built With
- [Flask](https://flask.palletsprojects.com/) - The web framework used
- [VueJs](https://vuejs.org/) - The web framework for building web user interfaces.