
KB-6983: All Centrify roles a user belongs to are sent to AWS when launching the AWS SAML app

Centrify Identity Service, App Edition

4 October, 16 at 12:26 PM

Applies to:  All versions of Centrify Identity Service, App Edition


Question:

When a user launches the AWS SAML app in the Centrify User Portal, all Centrify roles the user belongs to are shown on the AWS role-selection page, as below:

[Screenshot: AWS role-selection page listing every Centrify role the user belongs to]

Is there any way to show only the AWS-related roles?


Answer:

This is a sample SAML script that can be used to filter out the non-AWS roles:

// Centrify SAML custom script: build the AWS Role attribute from the
// user's Centrify roles, keeping only roles whose name contains "AWS".
var roleNames = LoginUser.RoleNames;          // all Centrify roles of the signing-in user
var attrArray = new Array();                   // values for the AWS Role attribute
// CorpIdentifier holds the AWS account number; strip dashes and spaces
// so it can be embedded in an ARN.
var accountNumber = CorpIdentifier.replace(/[- ]/g, '');
for (var i=0; i < roleNames.Length; i++)
{
  // Substring test: any role name containing "AWS" is treated as an AWS role.
  if (roleNames[i].indexOf("AWS") != -1) {
    // AWS expects each value as "<role ARN>,<SAML provider ARN>".
    var v = 'arn:aws:iam::' + accountNumber + ':role/' + roleNames[i] + ',arn:aws:iam::' + accountNumber + ':saml-provider/Centrify';
    attrArray.push(v);
  }
}
// Emit the filtered list as the multi-valued AWS Role attribute in the SAML assertion.
setAttributeArray('https://aws.amazon.com/SAML/Attributes/Role', attrArray);

With this SAML script, only roles whose names contain "AWS" are sent to AWS in the SAML attribute 'https://aws.amazon.com/SAML/Attributes/Role', so in the example above only "Centrify-AWS-Admin-Test" would be shown on the AWS page after the script is modified.
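The same filtering logic, as an added stand-alone example that is not Centrify's code and does not run inside the Centrify script engine: it models the KB script as a pure function so the filter can be tested offline, and goes slightly beyond the page by validating the account number and letting the caller supply a stricter match than a plain substring test. The role names, the account number and the result of the demo are constructed sample values; the provider name "Centrify" is the one the KB script uses.

```javascript
// Added example: models the Centrify SAML script as a pure function so the
// role filter can be unit-tested outside the Centrify script engine.
// Assumptions (not from the KB): role names and account number below are
// constructed sample values; "Centrify" is the SAML provider name the KB uses.

const AWS_ROLE_ATTRIBUTE = 'https://aws.amazon.com/SAML/Attributes/Role';

// Normalise the account number the way the KB script does (strip dashes and
// spaces), then check it is the 12-digit form an AWS ARN requires.
function normalizeAccountNumber(corpIdentifier) {
  const accountNumber = String(corpIdentifier).replace(/[- ]/g, '');
  if (!/^\d{12}$/.test(accountNumber)) {
    throw new Error('account number must be 12 digits after removing "-" and " "');
  }
  return accountNumber;
}

// Build the "roleArn,providerArn" pairs AWS expects in the Role attribute.
// `matcher` decides which role names count as AWS roles; the default
// reproduces the KB's substring test, and a caller can pass an anchored
// pattern for a naming convention such as /^Centrify-AWS-/ instead.
function buildAwsRoleAttribute(roleNames, corpIdentifier, providerName, matcher) {
  const accountNumber = normalizeAccountNumber(corpIdentifier);
  const isAwsRole = matcher || ((name) => name.indexOf('AWS') !== -1);
  const providerArn = 'arn:aws:iam::' + accountNumber + ':saml-provider/' + providerName;
  const attrArray = [];
  for (const name of roleNames) {
    if (isAwsRole(name)) {
      attrArray.push('arn:aws:iam::' + accountNumber + ':role/' + name + ',' + providerArn);
    }
  }
  return attrArray;
}

// Constructed sample input standing in for LoginUser.RoleNames and CorpIdentifier.
const SAMPLE_ROLES = ['Everybody', 'Centrify-AWS-Admin-Test', 'HelpDesk', 'AWS-ReadOnly'];
const SAMPLE_ACCOUNT = '1234-5678-9012';

// Runs the filter twice: with the KB's substring test and with a stricter
// prefix pattern, so the difference in what reaches AWS is visible.
function demo() {
  const substringMatch = buildAwsRoleAttribute(SAMPLE_ROLES, SAMPLE_ACCOUNT, 'Centrify');
  const prefixMatch = buildAwsRoleAttribute(SAMPLE_ROLES, SAMPLE_ACCOUNT, 'Centrify',
    (name) => /^Centrify-AWS-/.test(name));
  return { attributeName: AWS_ROLE_ATTRIBUTE, substringMatch, prefixMatch };
}

console.log(JSON.stringify(demo(), null, 2));
```

The substring test in the KB script admits every role with "AWS" anywhere in its name; if the tenant has a naming convention for AWS roles, an anchored pattern like the one in `demo()` keeps the assertion limited to exactly those roles, and the 12-digit check catches a mistyped account identifier before a malformed ARN is sent.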
