Support AWS SSO (AWS Identity Centre) IdP

[ecole-startupcraft]

We are currently using saml2aws with Browser provider to achieve this - would be nice to have proper integration

[TonioGela]

Can you share the setup you have with the browser?

[egorksv]

Can you share the setup you have with the browser?

[default]
name                    = default
app_id                  = 
url                     = `https://OURSTARTURL.awsapps.com/start/#/saml/default/SAML_APP/ins-CODE`
username                = DEV_NAME
provider                = Browser
mfa                     = Auto
mfa_ip_address          = 
skip_verify             = false
timeout                 = 0
aws_urn                 = urn:amazon:webservices
aws_session_duration    = 3600
aws_profile             = AWS_SSO_PROFILE #(from ~/.aws/config)
resource_id             = 
subdomain               = 
role_arn                = 
region                  = 
http_attempts_count     = 
http_retry_delay        = 
credentials_file        = 
saml_cache              = false
saml_cache_file         = 
target_url              = 
disable_remember_device = false
disable_sessions        = false
download_browser_driver = false
headless                = false
prompter                = 

Saml2aws starts browser session (chromium on mac) which is used to login to aws sso first, and then proceeds to switch to SAML.

Customer's account is set up as SAML application in AWS SSO (NOT a part of the organisation).

Frankly, after reviewing this, we dropped it in favour of cross-account trust relationship and sts-assume-role instead.