Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default SSPI to True on Windows only, False otherwise #150

Merged
merged 1 commit into from
Dec 29, 2019
Merged

Default SSPI to True on Windows only, False otherwise #150

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,9 +183,9 @@ aws-adfs integrates with:
```
$ aws-adfs login --help
Usage: aws-adfs login [OPTIONS]

Authenticates an user with active directory credentials

Options:
--profile TEXT AWS cli profile that will be authenticated.
After successful authentication just use:
Expand Down Expand Up @@ -233,8 +233,12 @@ aws-adfs integrates with:
--assertfile TEXT Use SAML assertion response from a local
file
--sspi / --no-sspi Whether or not to use Kerberos SSO
authentication via SSPI, which may not work
in some environments.
authentication via SSPI (Windows only,
defaults to True).
--u2f-trigger-default / --no-u2f-trigger-default
Whether or not to also trigger the default
authentication method when U2F is available
(only works with Duo for now).
--help Show this message and exit.
```
```
Expand Down
4 changes: 2 additions & 2 deletions aws_adfs/html_roles_fetcher.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,8 @@ def fetch_html_encoded_roles(
adfs_ca_bundle=None,
username=None,
password=None,
sspi=True,
u2f_trigger_default=True,
sspi=None,
u2f_trigger_default=None,
):

# Support for Kerberos SSO on Windows via requests_negotiate_sspi
Expand Down
5 changes: 3 additions & 2 deletions aws_adfs/login.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
from botocore import client
from os import environ
import logging
from platform import system
import sys
from . import authenticator
from . import prepare
Expand Down Expand Up @@ -96,8 +97,8 @@
)
@click.option(
'--sspi/--no-sspi',
default=None,
help='Whether or not to use Kerberos SSO authentication via SSPI, which may not work in some environments.',
default=system() == 'Windows',
help='Whether or not to use Kerberos SSO authentication via SSPI (Windows only, defaults to True).',
)
@click.option(
'--u2f-trigger-default/--no-u2f-trigger-default',
Expand Down
3 changes: 2 additions & 1 deletion aws_adfs/prepare.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import os
import botocore.session
import botocore.exceptions
from platform import system
from types import MethodType


Expand Down Expand Up @@ -117,7 +118,7 @@ def create_adfs_default_config(profile):
config.session_duration = int(3600)

# Whether SSPI is enabled
config.sspi = True
config.sspi = system() == "Windows"

# Whether to also trigger the default authentication method when U2F is available
config.u2f_trigger_default = True
Expand Down