googleapps

README

googleapps

This provider uses SAML with Google Apps to enable authentication of users to AWS.

prerequisites

Setup your Google Apps and AWS Account as per one of the configuration guides.

• How to Set Up Federated Single Sign-On to AWS Using Google Apps
• Using Google Apps SAML SSO to do one-click login to AWS

configuration

The key attribute in configuring this provider is the URL which can be copied from the google apps, application list (I just pulled it from the HTML). An example of this is as follows:

https://accounts.google.com/o/saml2/initsso?idpid=XXXXXXX&spid=YYYYY&forceauthn=false

Where the following attributes are replace with:

• XXXXX is IdP identifier for your Google Apps Account.
• YYYYY is SP identifier for the AWS SAML application, in your Google Apps Account.

2-factor support

Currently this provider supports:

• ToTP using applications like Google Authenticator or Authy
• SMS
• Google Prompt (Mobile Application)

prior work

In addition to my own effort deconstructing this, I also used the following as resources:

• https://github.com/wheniwork/keyme
• https://github.com/cevoaustralia/aws-google-auth

Documentation

Index

• type Client
  • func New(idpAccount *cfg.IDPAccount) (*Client, error)
  • func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client wrapper around Google Apps.

func New

func New(idpAccount *cfg.IDPAccount) (*Client, error)

New create a new Google Apps Client

func (*Client) Authenticate

func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)

Authenticate logs into Google Apps and returns a SAML response