By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post
/Setting console display name when using signin.aws.amazon.com/federation/

Setting console display name when using signin.aws.amazon.com/federation

0

According to this Jeff Barr blog post, it is possible to set the username in the upper right of the AWS console when federating in via the signin.aws.amazon.com/federation endpoint. It never states what query parameter to use to set it. I've tried DisplayName, Name and display_name, but none seem to work, the display name is always set to role/rolesession @ aws account id/alias. The signin.aws.amazon.com/switchrole api allows you to set display_name and color. Can someone with access to the code see whether it is possible to set the display name with the federation endpoint and what query parameter to use to set it?

Topics
Security Identity & ComplianceManagement & Governance
Tags
AWS Identity and Access ManagementAWS Management Console
perpil
asked 16 days ago34 views
2 Answers
0

Are you interested in setting a display name when you log in with an IAM role? If so, you can set the RoleSessionNameAttribute.

The value of the Name attribute in the Attribute tag is case-sensitive. It must be set to https://aws.amazon.com/SAML/Attributes/RoleSessionName exactly.

Example:

<Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
  <AttributeValue>user-id-name</AttributeValue>
</Attribute>
Taka_M
answered 16 days ago
  • perpil 16 days ago

    I am aware you can set rolesessionname and have that appear in the upper right of the console as: "role/rolesessionname @ aws account or alias". What I'm specifically asking is if you can set it to an arbitrary value like you can with the switchrole api. That endpoint allows you to set both the display name and the color and it allows things like spaces which you can't use in the rolesessionname. With that api, I have the flexibility of setting it to something like: "Speedrun Prod Admin us-west-2". Whereas setting the role session name would make it something like: "speedrun-Admin/Speedrun-Prod-Admin-us-west-2 @ XXXXXXXXXXX"

0

re: What I'm specifically asking is if you can set it to an arbitrary value like you can with the switchrole api.

No. (as far as I can tell). The switch role widget you reference to specifically calls out displayName.

My interpretation is you want the AWS Console UI reflect an arbitrary value. AWS Console being a first party user interface hasn't been particular customization within a AWS account.

smoy
answered 16 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant questions