From 0a7ca2ac6b279a71c12145195a38168f92c06c89 Mon Sep 17 00:00:00 2001 From: Michael Holt Date: Mon, 30 Aug 2021 14:08:23 -0700 Subject: [PATCH] feat: add support for aws azuread federation This adds support for using AzureAD to Federate into AWS. Fixes #160. --- docs/use-cases/aws_iam_role.md | 2 +- docs/use-cases/intro.md | 2 +- .../session/aws/methods/aws-iam-role-federated.service.ts | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/use-cases/aws_iam_role.md b/docs/use-cases/aws_iam_role.md index 3a937bcaf..8e718e920 100644 --- a/docs/use-cases/aws_iam_role.md +++ b/docs/use-cases/aws_iam_role.md @@ -1,7 +1,7 @@ # AWS IAM Roles ## AWS IAM Federated Role -Federation is established between **G Suite**, **Okta**, **OneLogin** and **AWS**. No more AWS credentials +Federation is established between **G Suite**, **Okta**, **OneLogin**, **AzureAD**, and **AWS**. No more AWS credentials management is needed. Leapp allows you to get to cloud resources with company email and password. diff --git a/docs/use-cases/intro.md b/docs/use-cases/intro.md index b2ca06fdb..cc8edf113 100644 --- a/docs/use-cases/intro.md +++ b/docs/use-cases/intro.md @@ -21,5 +21,5 @@ The use cases covered by Leapp are the following: - **OneLogin to AWS** - :white_check_mark: - **G Suite to Azure** - :white_check_mark: - **AZURE AD to Azure** - :white_check_mark: -- **AZURE AD to AWS** - :soon: +- **AZURE AD to AWS** - :white_check_mark: - **AWS Single Sign-On** - :white_check_mark: diff --git a/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts b/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts index 7c2b6dca6..964b6ddc6 100644 --- a/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts +++ b/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts 
@@ -164,6 +164,7 @@ export class AwsIamRoleFederatedService extends AwsSessionService {
 'https://*.onelogin.com/*',
 'https://*.okta.com/*',
 'https://accounts.google.com/ServiceLogin*',
+ 'https://login.microsoftonline.com/*',
 'https://signin.aws.amazon.com/saml'
 ]
 };
@@ -186,6 +187,11 @@ export class AwsIamRoleFederatedService extends AwsSessionService {
 idpWindow = null;
 resolve(true);
 }
+ // AzureAD
+ if (details.url.indexOf('login.microsoftonline.com') !== -1) {
+ idpWindow = null;
+ resolve(true);
+ }
 // Do not show window: already logged by means of session cookies
 if (details.url.indexOf('signin.aws.amazon.com/saml') !== -1) {
 idpWindow = null;
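Review bot: The added filter entry `'https://login.microsoftonline.com/*'` covers only the commercial Azure AD login host; tenants on the US Government or China clouds are redirected to `login.microsoftonline.us` or `login.partner.microsoftonline.cn`, and requests to those hosts would presumably never be handed to the request handler this `urls` list feeds, leaving the flow stuck. If sovereign-cloud tenants are out of scope, say so at the entry, `// Azure AD, commercial cloud only (sovereign clouds use different login hosts)`, so the limitation is deliberate rather than discovered by a user. The `filter` object this list belongs to begins before the hunk.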
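Review bot: The new AzureAD branch tests `login.microsoftonline.com` as a bare substring of the whole URL with no path component, so it fires on every request to that host that gets through the filter and calls `resolve(true)` before the `signin.aws.amazon.com/saml` check below it can run; if a session that already holds valid Azure AD cookies is still bounced through that host before landing on the AWS SAML endpoint (which is how SP-initiated SAML normally works, but I cannot confirm from this hunk), the "already logged by means of session cookies" path on the next lines would be unreachable for AzureAD sessions and the login window would be shown every time. If Azure AD exposes a marker that distinguishes the interactive login page from the silent redirect, keying on that path the way the `signin.aws.amazon.com/saml` check keys on a path would be more precise. A substring match also matches any URL that merely carries the string in its path or query; `new URL(details.url).hostname === 'login.microsoftonline.com'` is the stricter host check, although the `urls` filter earlier in this file already limits what reaches this handler. The `// AzureAD` comment could also state the intent, `// AzureAD: any request to the Azure AD login host means an interactive login is needed`. The enclosing request handler and the promise it resolves start and end outside the hunk.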