This documentation refers to unsupported open source code made available by the Shibboleth Project as a service to the community. It is not an official software product of the project and does not have formal releases, and is generally untested by the development team. It is available under the standard Apache 2.0 software license.

Amazon Redshift is a data warehousing service available through AWS. Like most AWS services, there are a variety of security models available and like most databases, it supports built-in user and group management features. Unlike most services and unlike essentially all databases, it also supports a mechanism for leveraging AWS' SAML support for federated login by database clients using Amazon's JDBC and ODBC drivers.

This article describes an open source Windows console utility written by a member of the Shibboleth team that interfaces to the Amazon ODBC driver and to the Shibboleth IdP (or any SAML compliant IdP) using the ECP (Enhanced Client or Proxy) profile designed for non-browser SAML authentication. There are some advanced features that are designed in part to support some Shibboleth features, but it's largely a vanilla Windows executable ECP client that relies on some parameters passed via the command line from the Amazon ODBC driver and passes back a SAML response from the IdP to stdout for use by AWS.

The program is actually just a Windows command line wrapper around (by default) an execution of the curl utility to do the heavy lifting, though it's heavily customizable. It doesn't have any real dependencies on the Amazon driver as a starting point, but happens to work with the inputs and outputs that driver uses. It may be useful in other situations in which an ECP client might be useful. It is Windows-only but could theoretically be copied and converted into a Linux/Mac fork/exec wrapper that would be similarly usable with the ODBC driver on those platforms.

See for a large amount of documentation on the general topic of using IAM credentials in AWS together with SAML, the drivers, and a lot of configuration glue to make all this fit together.

See the Amazon Redshift ECP Plugin for JDBC topic for this discussion, it applies here as well.

The following steps are needed to get a client ready for use:

- Build the Visual Studio project available at to produce the ecp.exe executable file.
- Install a usable SSL-capable version of the curl.exe utility. It's overkill, but one option is to install the Shibboleth SP software for Windows, which includes a copy and places the necessary libraries on the system path for you.

The ODBC interactions can get very tricky to debug, so it's best to do some testing from the command line without involving it.

First, make sure you can run the chosen implementation of curl.exe from an arbitrary directory in a command-line window. For example, if it lives in "C:\Utilities", open a prompt and make sure "C:\Utilities\curl.exe" works.

Next, try to run a transaction with the ecp.exe utility built in step 2 above against your IdP. You'll need several parameters passed on the command line, and they're passed to the utility in name=value pairs.

- Point this wherever you successfully installed curl.exe and managed to make it work in the step above.
- It's not valid, it should be noted, but there's not much we can do about that.
- This helps with testing by echoing the raw response XML from the IdP and not the encoded form.

You'll also need user and password to provide the credentials to use.

```
C:\Users\me> C:\Utilities\ecp.exe ecp_curl=C:\Utilities\curl.exe ecp_issuer=urn:amazon:webservices idp_host= ecp_nobase64=1 user=me password=whatever
```

Barring a need for other options or a non-Shibboleth IdP, the goal is to get back an XML dump from the IdP that contains a valid signed Assertion wrapped in a Response message. It's actually returning SOAP but the client auto-extracts the response unless you also give it an ecp_soap=1 parameter. If you get back something like "ERROR: SAML Response was unsuccessful", you should have logs at the IdP to help debug the problem.
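
To triage what ecp.exe prints during the command-line test described above, this added example (not part of the original article or of the ecp.exe project) inspects a raw response obtained with ecp_nobase64=1, with or without ecp_soap=1. The helper name `triage`, the constructed sample, the treatment of any output starting with "ERROR:" as a utility failure, and the expectation that the Assertion's Audience equals the ecp_issuer value are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def triage(output, audience="urn:amazon:webservices"):
    """List problems in ecp.exe output (hypothetical helper); [] means it looks usable."""
    text = output.strip()
    if text.startswith("ERROR:"):  # utility-level failure: check the IdP logs
        return [text.splitlines()[0]]
    if "<!DOCTYPE" in text or "<!ENTITY" in text:  # never expand DTDs from the wire
        return ["DTD in response; refusing to parse"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag == "{%s}Envelope" % NS["soap"]:  # ecp_soap=1 keeps the SOAP wrapper
        root = root.find("soap:Body/samlp:Response", NS)
    if root is None or root.tag != "{%s}Response" % NS["samlp"]:
        return ["no samlp:Response element found"]
    problems = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    status = code.get("Value") if code is not None else None
    if status != SUCCESS:
        problems.append(f"status is {status}, not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no saml:Assertion in the Response"]
    # Presence only: this does not verify the signature cryptographically.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion carries no ds:Signature")
    audiences = [(a.text or "").strip() for a in assertion.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        problems.append(f"audience {audiences} does not include {audience}")
    return problems

# Constructed sample, not captured from a real IdP; the signature is an empty placeholder.
SAMPLE = (
    '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s">'
    '<samlp:Status><samlp:StatusCode Value="%s"/></samlp:Status>'
    '<saml:Assertion><ds:Signature/><saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>urn:amazon:webservices</saml:Audience></saml:AudienceRestriction>'
    '</saml:Conditions></saml:Assertion></samlp:Response>'
) % (NS["samlp"], NS["saml"], NS["ds"], SUCCESS)
```

An empty list only means the response has the expected shape; the signature itself is still validated by the consumer of the assertion, not by this check.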