SAML to AWS STS Keys Conversion

Generates file with AWS STS Keys after logging in to AWS webconsole using SSO (SAML 2.0). It leverages 'assumeRoleWithSAML' API.

SAML to AWS STS Keys Conversion Chrome Extension

'SAML to AWS STS Keys Conversion' is a Chrome extension, perfect for companies using SAML 2.0 IDP for SSO login to AWS Web Management Console. It solves the need for user creation in AWS IAM by converting SAML 2.0 assertions to AWS STS Keys. The extension uses the 'assumeRoleWithSAML' API action, providing temporary credentials (AccessKeyId, SecretAccessKey, SessionToken) tied to the corporate identity, enhancing security.
Install from Chrome Web Store

Extension stats

Users: 10,000+
Rating: 3.78
(9)
Version: 3.3 (Last updated: 2023-03-20)
Creation date: 2019-02-08
Risk impact: High risk impact
Risk likelihood:
Manifest version: 3
Permissions:
  • webRequest
  • storage
  • downloads
Host permissions:
  • <all_urls>
Size: 160.77K

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys (temporary credentials -> AccessKeyId, SecretAccessKey and SessionToken).

Why this Chrome Extension?

If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Estension if for you!

You run into trouble as soon as you would like to execute some fancy scripts from your computer which calls the AWS API's. When sending a request to the AWS API's you need credentials, meaning an AccessKey and SecretKey. You can easily generate these keys for each user in AWS IAM. However, since you don't have any users in AWS IAM and don't want to create users just for the sake of having an AccessKey and SecretKey you are screwed. But there is a way to get temporary credentials specifically for your corporate identity.

The Security Token Service (STS) from AWS provides an API action assumeRoleWithSAML. Using the SAML Assertion given by your IDP the Chrome Extension will call this API action to fetch temporary credentials. (AccessKeyId, SecretAccessKey and SessionToken). This way there is no need to create some sort of anonymous user in AWS IAM used for executing scripts. This would be a real security nightmare, since it won't be possible to audit who did what. This Chrome Extension however will make it super easy for you to just use your corporate identity for executing scripts calling AWS API's.

User reviews

There is an issue in latest version 3.1, in script.js file inside "onBeforeRequestEvent" function "sessionduration" is not defined because of that it is not working please fix this asap.

The latest version v3.0 release on 2022-Dec-15 is not working, please test and fix it. Not able to download credentials file.
by Praveen Dumpala, 2022-12-16

Excellent!
by Alexander Carlson, 2020-09-21
View all user reviews

Extension safety

Risk impact

SAML to AWS STS Keys Conversion requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

SAML to AWS STS Keys Conversion has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to SAML to AWS STS Keys Conversion: