Set-AwsIbmSamlCredentials
NAME Set-AwsIbmSamlCredentials
SYNOPSIS
Authenticates a user against an IBM IAM server to utilize roles granted in AWS via AWS PowerShell cmdlets.
SYNTAX
Set-AwsIbmSamlCredentials -EndpointName <string> [-AwsAccountId <string[]>] [-Credential <PSCredential>]
[-ErrorClass <string>] [-ErrorElement <string>] [-HelpFindResource <string>] [-PrincipalARN <string>]
[-ProxyAddress <Uri>] [-ProxyBypassList <string[]>] [-ProxyBypassOnLocal <SwitchParameter>] [-ProxyCredentials
<ICredentials>] [-RegionMap <Hashtable>] [-RoleARN <string>] [-SecurityProtocol {SystemDefault | Ssl3 | Tls |
Tls11 | Tls12 | Tls13}] [-SingleMatch <SwitchParameter>] [-StoreAs <string>] [-STSEndpointRegion <string>]
[-TokenDurationInMinutes <int>] [-UseAssertionDocumentDuration <SwitchParameter>] [<CommonParameters>]
Set-AwsIbmSamlCredentials -EndpointName <string> -StoreAllRoles <SwitchParameter> [-AwsAccountId <string[]>]
[-Credential <PSCredential>] [-ErrorClass <string>] [-ErrorElement <string>] [-ProxyAddress <Uri>]
[-ProxyBypassList <string[]>] [-ProxyBypassOnLocal <SwitchParameter>] [-ProxyCredentials <ICredentials>]
[-RegionMap <Hashtable>] [-SecurityProtocol {SystemDefault | Ssl3 | Tls | Tls11 | Tls12 | Tls13}]
[-STSEndpointRegion <string>] [-TokenDurationInMinutes <int>] [-UseAssertionDocumentDuration <SwitchParameter>]
[<CommonParameters>]
DESCRIPTION
Authenticates a user against an IBM IAM server to utilize roles granted in AWS via AWS PowerShell cmdlets.
PARAMETERS
-EndpointName <string>
The name of the endpoint you gave when calling Set-AWSSamlEndpoint with your URL to the IBM IAM server.
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-PrincipalARN <string>
The AWS principal ARN for the role you want to assume.
Required? false
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-RoleARN <string>
The AWS role ARN for the role you want to assume.
Required? false
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-Credential <PSCredential>
The credentials you want to use to auto-login to the IBM IAM server.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-StoreAs <string>
Stores a successful login under this profile name, which can then be passed to AWS cmdlets with -ProfileName.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-AwsAccountId <string[]>
AWS account ID used to filter the roles to only those in a specific account.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-HelpFindResource <string>
Search for a specific keyword in a role to mark it as the default choice.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SingleMatch <SwitchParameter>
If only one role matches the value in HelpFindResource, then select that single role and don't ask the user
which to use.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-SecurityProtocol <SecurityProtocolType>
Sets which security protocol to use when connecting over HTTPS. Default: TLS 1.2
Possible values: SystemDefault, Ssl3, Tls, Tls11, Tls12, Tls13
Required? false
Position? named
Default value Tls12
Accept pipeline input? false
Accept wildcard characters? false
-ErrorElement <string>
Sets which HTML element contains the error response when a bad login produces an error. Default: P
Required? false
Position? named
Default value p
Accept pipeline input? false
Accept wildcard characters? false
-ErrorClass <string>
Sets which HTML class the ErrorElement carries for the error response when a bad login produces an error.
Default: error
Required? false
Position? named
Default value error
Accept pipeline input? false
Accept wildcard characters? false
-StoreAllRoles <SwitchParameter>
Assumes and stores all roles in the local AWS shared credential store.
Required? true
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-STSEndpointRegion <string>
Region to use when calling SecurityTokenService's AssumeRoleWithSAML. Default: us-east-2
Required? false
Position? named
Default value us-east-2
Accept pipeline input? false
Accept wildcard characters? false
-ProxyAddress <Uri>
The address of the proxy in URL form. (https://proxy.example.corp:8080)
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ProxyCredentials <ICredentials>
The credentials of the web proxy.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ProxyBypassOnLocal <SwitchParameter>
Indicates whether to bypass the proxy server for local addresses.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-ProxyBypassList <string[]>
Addresses that do not use the proxy server.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-RegionMap <Hashtable>
Hashtable mapping role names to AWS region endpoint system names. Role names can be valid regex
strings; the first match is returned.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-TokenDurationInMinutes <int>
How long, in minutes, the credentials session token will be valid. UseAssertionDocumentDuration takes
precedence if set.
Required? false
Position? named
Default value 60
Accept pipeline input? false
Accept wildcard characters? false
-UseAssertionDocumentDuration <SwitchParameter>
Uses the duration that was applied to the SAML assertion document as the token duration.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
The name of the endpoint you gave when calling Set-AWSSamlEndpoint with your URL to the IBM IAM server.
System.String
The AWS principal ARN for the role you want to assume.
System.String
The AWS role ARN for the role you want to assume.
OUTPUTS
IBM.IAM.AWS.SecurityToken.SAML.StoredInfo
Results of the authentication attempt.
---------- EXAMPLE 1 ----------
$endpoint = 'https://sso.mycompany.com/saml20/logininitial'
Set-AWSSamlEndpoint -Endpoint $endpoint -StoreAs 'IBMEP'
Set-AwsIbmSamlCredentials -EndpointName 'IBMEP'
---------- EXAMPLE 2 ----------
$endpoint = 'https://sso.mycompany.com/saml20/logininitial'
Set-AWSSamlEndpoint -Endpoint $endpoint -StoreAs 'IBMEP'
$credential = Get-Credential -UserName 'MyUsername' -Message 'IBM IAM SAML Server'
$regionMap = @{"West_EU_"="eu-west-1";"West_"="us-west-1";"East_"="us-east-1"}
Set-AwsIbmSamlCredentials -EndpointName 'IBMEP' -Credential $credential -RegionMap $regionMap
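The -RegionMap description says keys may be regex strings and that the first match is returned; a Hashtable does not guarantee enumeration order, so overlapping keys such as "West_" and "West_EU_" in Example 2 can resolve the same role to either region. The following is an added example, not part of the module or its help, that checks a map for such overlaps before it is passed to -RegionMap. Resolve-RegionFromMap and the role names are hypothetical, and it assumes each key is tested against the role name the way PowerShell's -match operator would.

```powershell
# Added illustration: Resolve-RegionFromMap is a hypothetical helper, not module code.
# Assumption: each map key is applied as a regex to the role name.
function Resolve-RegionFromMap {
    param(
        [Parameter(Mandatory)] [string]    $RoleName,
        [Parameter(Mandatory)] [hashtable] $RegionMap
    )
    # Collect every matching key (not only the first) so overlaps become visible.
    $matchedKeys = @($RegionMap.Keys | Where-Object { $RoleName -match $_ })
    $regions     = @($matchedKeys | ForEach-Object { $RegionMap[$_] } | Select-Object -Unique)

    [pscustomobject]@{
        RoleName    = $RoleName
        MatchedKeys = $matchedKeys
        Regions     = $regions
        # More than one distinct region means "first match" depends on enumeration order.
        Ambiguous   = $regions.Count -gt 1
    }
}

# Constructed sample role names, for illustration only.
$roles = 'West_EU_Admin', 'West_Ops', 'East_ReadOnly'

# Map as written in Example 2: "West_" also matches roles that start with "West_EU_".
$example2Map = @{
    'West_EU_' = 'eu-west-1'
    'West_'    = 'us-west-1'
    'East_'    = 'us-east-1'
}

# Anchored, mutually exclusive patterns: each role name matches exactly one key.
$anchoredMap = @{
    '^West_EU_'     = 'eu-west-1'
    '^West_(?!EU_)' = 'us-west-1'
    '^East_'        = 'us-east-1'
}

foreach ($map in $example2Map, $anchoredMap) {
    $roles |
        ForEach-Object { Resolve-RegionFromMap -RoleName $_ -RegionMap $map } |
        Format-Table RoleName, Ambiguous, Regions, MatchedKeys -AutoSize
}
```

Any row with Ambiguous set to True identifies a role whose region would depend on key order; tighten the patterns until no such row remains.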
RELATED LINKS