INSTALLATION.md


SAML.to Self Hosted Installation

AWS IAM RBAC

GitHub Identity Provider

  1. Provider URL: https://token.actions.githubusercontent.com
  2. Audience: sts.amazonaws.com

AWS IAM Role

Trust Relationship:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::123456123456:oidc-provider/token.actions.githubusercontent.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringLike": {
          "token.actions.githubusercontent.com:sub": "repo:saml-to/self-hosted:*"
        },
        "StringEquals": {
          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
        }
      }
    }
  ]
}
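
A check that can be run against a trust policy like the one above before the role is created. This is an added example, not part of the SAML.to project: the function name audit_trust_policy and the finding labels are hypothetical. It relies on the GitHub OIDC sub claim having the form repo:OWNER/REPO:..., where the trailing part names a ref, pull request or environment.

```python
import json

ISSUER = "token.actions.githubusercontent.com"

def _listify(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, repo):
    """Return findings for GitHub OIDC statements; `repo` is "owner/name"."""
    findings = []
    for stmt in _listify(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        federated = _listify(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                str(arn).endswith("oidc-provider/" + ISSUER) for arn in federated):
            continue  # not a GitHub OIDC grant
        # Flatten Condition into {claim: [(operator, value), ...]}; key names are lower-cased.
        claims = {}
        for op, block in stmt.get("Condition", {}).items():
            for key, values in block.items():
                for v in _listify(values):
                    claims.setdefault(key.lower(), []).append((op, v))
        subs = claims.get(ISSUER + ":sub", [])
        auds = claims.get(ISSUER + ":aud", [])
        if not subs:
            findings.append("missing-sub: role is not restricted to a repository")
        for op, value in subs:
            if op not in ("StringEquals", "StringLike"):
                findings.append(f"sub-operator: review {op}; expected StringEquals or StringLike")
            elif not value.startswith(f"repo:{repo}:"):
                findings.append(f"sub-scope: {value!r} is not limited to {repo}")
            elif op == "StringLike" and value.endswith(":*"):
                findings.append(f"sub-any-ref: {value!r} matches every branch, tag, PR and environment")
        if not any(op == "StringEquals" and v == "sts.amazonaws.com" for op, v in auds):
            findings.append("aud: not pinned to sts.amazonaws.com")
    return findings

# The trust policy from this page, compacted onto fewer lines.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Federated": "arn:aws:iam::123456123456:oidc-provider/token.actions.githubusercontent.com"},
  "Action": "sts:AssumeRoleWithWebIdentity",
  "Condition": {
    "StringLike": {"token.actions.githubusercontent.com:sub": "repo:saml-to/self-hosted:*"},
    "StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"}}}]}""")

if __name__ == "__main__":
    for finding in audit_trust_policy(PAGE_POLICY, "saml-to/self-hosted"):
        print(finding)
```

For the policy on this page the only finding is sub-any-ref: the role is scoped to the saml-to/self-hosted repository but not to a particular branch or environment within it.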

GitHub App

  1. Create a GitHub App
  2. Set Homepage URL
  3. Set Callback URL
  4. Enable Request user authorization (OAuth) during installation
  5. Enable Device Flow
  6. Set Webhook URL
  7. Set Webhook Secret
  8. Set Repository Permissions
    1. Repo Admin R/W?
    2. Webhooks R/W?
    3. Single File: saml-to.yml
  9. Set Organization Permissions
    1. Members R/O
  10. Set Member Permissions
    1. Email Addresses R/O
  11. Set Events
    1. Member
    2. Meta
    3. Membership
    4. Organization
    5. Repository
    6. Team
    7. Team Add
  12. Generate a Client Secret
    1. Copy into GitHub Secrets: NAME: TODO
  13. Generate a Private Key
    1. Base64 Encode: cat ~/Downloads/saml-to-self-hosted.2024-02-04.private-key.pem | base64
    2. Copy into GitHub Secrets: NAME: TODO