diff --git a/docs/use-cases/aws_iam_role.md b/docs/use-cases/aws_iam_role.md
index 3a937bcaf..8e718e920 100644
--- a/docs/use-cases/aws_iam_role.md
+++ b/docs/use-cases/aws_iam_role.md
@@ -1,7 +1,7 @@
 # AWS IAM Roles
 ## AWS IAM Federated Role
-Federation is established between **G Suite**, **Okta**, **OneLogin** and **AWS**. No more AWS credentials
+Federation is established between **G Suite**, **Okta**, **OneLogin**, **AzureAD**, and **AWS**. No more AWS credentials
 management is needed. Leapp allows you to get to cloud resources with company email and password.
diff --git a/docs/use-cases/intro.md b/docs/use-cases/intro.md
index b2ca06fdb..cc8edf113 100644
--- a/docs/use-cases/intro.md
+++ b/docs/use-cases/intro.md
@@ -21,5 +21,5 @@ The use cases covered by Leapp are the following:
 - **OneLogin to AWS** - :white_check_mark:
 - **G Suite to Azure** - :white_check_mark:
 - **AZURE AD to Azure** - :white_check_mark:
-- **AZURE AD to AWS** - :soon:
+- **AZURE AD to AWS** - :white_check_mark:
 - **AWS Single Sign-On** - :white_check_mark:
diff --git a/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts b/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts
index 7c2b6dca6..2a8996db3 100644
--- a/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts
+++ b/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts
@@ -164,6 +164,7 @@ export class AwsIamRoleFederatedService extends AwsSessionService {
 'https://*.onelogin.com/*',
 'https://*.okta.com/*',
 'https://accounts.google.com/ServiceLogin*',
+ 'https://login.microsoftonline.com/*',
 'https://signin.aws.amazon.com/saml'
 ]
 };
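Review bot: The new filter entry `'https://login.microsoftonline.com/*'` sends every request to that host through the `onBeforeRequest` handler, while the AzureAD branch added later in this commit reacts only to URLs containing `/oauth2/authorize`. Whether the handler invokes `callback` for requests it does not act on is not visible in these hunks; if it does not, the other Microsoft login requests would presumably stall. A comment above the list would record the intent, e.g. `// IdP login pages (user interaction needed) plus the AWS SAML endpoint (already signed in)`. The `filter` object starts outside the hunk.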
@@ -172,7 +173,7 @@ export class AwsIamRoleFederatedService extends AwsSessionService {
 // to construct the ideal method to deal with the construction of the response
 idpWindow.webContents.session.webRequest.onBeforeRequest(filter, (details, callback) => {
 // G Suite
- if (details.url.indexOf('accounts.google.com/ServiceLogin') !== -1) {
+ if (details.url.indexOf('https://accounts.google.com/ServiceLogin') !== -1) {
 idpWindow = null;
 resolve(true);
 }
@@ -186,8 +187,13 @@ export class AwsIamRoleFederatedService extends AwsSessionService {
 idpWindow = null;
 resolve(true);
 }
+ // AzureAD
+ if (details.url.indexOf('https://login.microsoftonline.com') !== -1 && details.url.indexOf('/oauth2/authorize') !== -1) {
+ idpWindow = null;
+ resolve(true);
+ }
 // Do not show window: already logged by means of session cookies
- if (details.url.indexOf('signin.aws.amazon.com/saml') !== -1) {
+ if (details.url.indexOf('https://signin.aws.amazon.com/saml') !== -1) {
 idpWindow = null;
 resolve(false);
 }
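Review bot: `indexOf(...) !== -1` in the G Suite check still matches the string anywhere in `details.url`, so adding the `https://` prefix does not anchor the comparison. A request admitted by another filter entry that merely carries this string in its path or query would be classified as the Google login page. The same holds for the AzureAD and `signin.aws.amazon.com/saml` checks in the next hunk, where a false match on the latter resolves `false` and keeps the window hidden. Anchoring is a one-line change per branch, e.g. `if (details.url.startsWith('https://accounts.google.com/ServiceLogin')) {`, or parse once with `new URL(details.url)` and compare `hostname` and `pathname`. The handler body continues outside the hunk.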
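Review bot: The AzureAD branch depends on the sign-in redirect containing the literal `/oauth2/authorize`, and nothing in the hunk records why that path was chosen. If a tenant's flow reaches `login.microsoftonline.com` through another endpoint, none of the branches shown would match and the promise would stay pending unless code outside the hunk handles that case. A comment such as `// AzureAD: unauthenticated sessions are redirected to <tenant>/oauth2/authorize; show the window` would make the assumption explicit. If the substring test is kept, the host literal should end with a slash: `'https://login.microsoftonline.com/'`.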