I have been working on https://github.com/versent/saml2aws for a couple of years, this tool enables developers to use SSO from the command line to get short lived credentials from AWS. As most SSO services don't have an API for authentication, this is done using screen scraping. This has resulted in:
- A brittle solution which requires reverse engineering and lots of patience seeing what you can get away with.
- This is now how SSO is suppose to work, it is designed for browsers only.
- Runs into tons of problems if you have multiple layers of SSO, as services send users off to social or third party authentication of users.
So we need a better way to integrate CLI tools with SSO to enable these tools to acquire and use short term credentials.