fix for satosa

create_saml_aws.sh

@@ -3,15 +3,15 @@
 [ $# -eq 0 ] && { echo "Usage: $0 name_of_idp "; exit 1; }
 
 # call to create the saml provider in the AWS accounts
-aws iam create-saml-provider --saml-metadata-document file://idp.xml --name $1
+aws iam create-saml-provider --saml-metadata-document file://idp.xml --name $1 --profile=$2
 if [ $? -ne 0 ]
   then
     echo "creation failed, read the readme and make sure you have an IAM role to perform this action"
     exit 1
 fi
 
 # create iam roles that saml users can assume, currently administrator or readonly roles:
-aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json
-aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
-aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json
-aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
+aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json --profile=$2
+aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --profile=$2
+aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json --profile=$2
+aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess --profile=$2

shibpolicy.json

@@ -5,7 +5,7 @@
       "Effect": "Allow",
       "Action": "sts:AssumeRoleWithSAML",
       "Principal": {
-        "Federated": "arn:aws:iam::123456789012:saml-provider/login.at.internet2.edu"
+        "Federated": "arn:aws:iam::135656781587:saml-provider/SATOSA"
       },
       "Condition": {
         "StringEquals": {