Azure AD Login to AWS with AWS SAML #160
Hi, the issue refers to this specific use case: at the moment we are not supporting Azure AD as Identity Provider, but it's a little addition to be made in order to make Azure AD work with Leapp. As you can see in this pull request allowing Okta as an identity provider, the only thing to be done is to add the correct filter for the SAML response of the callback on Azure AD here:
I can help you in doing this, but at the moment I do not have an Azure AD account to test it and find the correct filter on the SAML response. I'll add a Help needed label, since, when I find someone with this Identity provider in the community wanting to collaborate, we can implement this feature in some hours together. Also, I will add this enhancement in the roadmap.
Hey @andreacavagna01, I'd be happy to work with you to find the correct filter for AzureAD. edit: I just joined the Slack team so you can find me there as well
This adds support for using AzureAD to Federate into AWS. Fixes Noovolari#160.
* feat: add support for aws azuread federation
  This adds support for using AzureAD to Federate into AWS. Fixes #160.
* fix: added /oauth2/authorize presence check in AWS IAM Role Federated login window
* fix: sanitized untrusted URLs
Co-authored-by: Eric Villa <[email protected]>
Is your feature request related to a problem? Please describe.
My company uses AzureAD to authenticate into AWS using SAML Authentication (Not AWS SSO). It does not appear that Leapp currently supports this. This is accomplished by logging into AWS using an AWS SAML URL like https://signin.aws.amazon.com/saml/AWS-ACCOUNT-1
Describe the solution you'd like
Would like to accomplish the login flow with Leapp.
Describe alternatives you've considered
We currently use https://github.com/sportradar/aws-azure-login for this, and when it comes to CI/CD to access AWS it works well; however, it has proven to be a barrier for our developers.
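The thread talks about a filter on the SAML callback, an `/oauth2/authorize` presence check, and sanitizing untrusted URLs. The sketch below is an added example, not Leapp's code and not written by any participant, showing one way to do those checks on parsed URLs instead of substring matches. The function names, the Azure AD host `login.microsoftonline.com`, and the sample body are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper names, not Leapp's implementation.
const AWS_SAML_HOST = 'signin.aws.amazon.com';     // host of the SAML URL quoted in the issue
const AZURE_AD_HOST = 'login.microsoftonline.com'; // assumed Azure AD sign-in host

// Parse an untrusted URL; accept only well-formed HTTPS URLs.
function parseHttps(raw) {
  try {
    const u = new URL(raw);
    return u.protocol === 'https:' ? u : null;
  } catch {
    return null;
  }
}

// True only when the login window is really on the Azure AD authorize step.
// Comparing hostname and pathname avoids being fooled by the string
// appearing in a query parameter or in a look-alike domain.
function isAzureAdAuthorize(raw) {
  const u = parseHttps(raw);
  return !!u && u.hostname === AZURE_AD_HOST &&
    u.pathname.endsWith('/oauth2/authorize');
}

// True when the request is the SAML callback POSTed to AWS.
function isAwsSamlCallback(method, raw) {
  const u = parseHttps(raw);
  return !!u && method === 'POST' && u.hostname === AWS_SAML_HOST &&
    (u.pathname === '/saml' || u.pathname.startsWith('/saml/'));
}

// Pull the base64 SAMLResponse out of the form-encoded POST body,
// rejecting anything that is not plain base64.
function extractSamlResponse(method, raw, body) {
  if (!isAwsSamlCallback(method, raw)) return null;
  const value = new URLSearchParams(body).get('SAMLResponse');
  return value && /^[A-Za-z0-9+/]+={0,2}$/.test(value) ? value : null;
}

// Constructed sample input (not a real assertion).
const SAMPLE_ASSERTION =
  Buffer.from('<Response>constructed sample</Response>').toString('base64');
const SAMPLE_BODY =
  'SAMLResponse=' + encodeURIComponent(SAMPLE_ASSERTION) + '&RelayState=';
```
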