Class: AWS.SAMLCredentials
- Inherits:
-
AWS.Credentials
- Object
- AWS.Credentials
- AWS.SAMLCredentials
- Defined in:
- lib/credentials/saml_credentials.js
Overview
Represents credentials retrieved from STS SAML support.
By default this provider gets credentials using the
AWS.STS.assumeRoleWithSAML() service operation. This operation
requires a RoleArn
containing the ARN of the IAM trust policy for the
application for which credentials will be given, as well as a PrincipalArn
representing the ARN for the SAML identity provider. In addition, the
SAMLAssertion
must be set to the token provided by the identity
provider. See constructor() for an example on creating a credentials
object with proper RoleArn
, PrincipalArn
, and SAMLAssertion
values.
Refreshing Credentials from Identity Service
In addition to AWS credentials expiring after a given amount of time, the login token from the identity provider will also expire. Once this token expires, it will not be usable to refresh AWS credentials, and another token will be needed. The SDK does not manage refreshing of the token value, but this can be done through a "refresh token" supported by most identity providers. Consult the documentation for the identity provider for refreshing tokens. Once the refreshed token is acquired, you should make sure to update this new token in the credentials object's params property. The following code will update the SAMLAssertion, assuming you have retrieved an updated token from the identity provider:
AWS.config.credentials.params.SAMLAssertion = updatedToken;
Future calls to credentials.refresh()
will now use the new token.
Constructor Summary collapse
-
new AWS.SAMLCredentials(params) ⇒ void
constructor
Creates a new credentials object.
Property Summary collapse
-
params ⇒ map
readwrite
The map of params passed to AWS.STS.assumeRoleWithSAML().
Properties inherited from AWS.Credentials
expired, expireTime, accessKeyId, secretAccessKey, sessionToken, expiryWindow
Method Summary collapse
-
refresh(callback) ⇒ void
Refreshes credentials using AWS.STS.assumeRoleWithSAML().
Methods inherited from AWS.Credentials
needsRefresh, get, getPromise, refreshPromise
Constructor Details
new AWS.SAMLCredentials(params) ⇒ void
Creates a new credentials object.
Property Details
params ⇒ map (readwrite)
Returns the map of params passed to
AWS.STS.assumeRoleWithSAML(). To update the token, set the
params.SAMLAssertion
property.
Method Details
refresh(callback) ⇒ void
Refreshes credentials using AWS.STS.assumeRoleWithSAML()