2

I'm prototyping deployment of an application via AWS AppStream. Access to the stream is managed via a web portal (using SAML). My application needs to know the identity of the user. I could prompt them but I don't want to make them log in to both the portal and the application. I want to get the credentials they supplied at the portal. (AppStream instances run under the "PhotonUser" account, so I can't get the username from the OS.)

The AWS SDK has a Session class which contains the user ID but I can't find a way to get an instance of it for the current streaming session.

Michael Carman

2 Answers

3

Have the portal pass a token identifying the user into the AppStream as session context. The token can be anything you want (subject to an unenforced 1024-byte limit) but should probably include a timestamp so that it can be expired and a signature to ensure that it hasn't been forged or tampered with.

Modify your portal to create a custom URL for each user via the CreateStreamingURL API to supply the token as session context. The application in your AppStream will see the session context as a command-line argument. Parse and validate the token (i.e. check it for expiration and verify the signature).

Michael Carman
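An added example, not part of the original answer: one way to build and validate the kind of token the answer above describes, with a timestamp and a signature. The token layout, the use of HMAC-SHA256 with a key shared between the portal and the application, the 300-second lifetime and the names `mint_token` and `verify_token` are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

MAX_CONTEXT_BYTES = 1024  # session-context size limit mentioned in the answer
MAX_AGE = 300             # assumed token lifetime in seconds
SKEW = 30                 # assumed tolerance for clock drift in seconds

class TokenError(Exception):
    """Raised when a token is malformed, forged, or expired."""

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(user_id, key, now=None):
    """Portal side: build the string to supply as session context."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"sub": user_id, "iat": issued}).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    token = _b64(payload) + "." + _b64(sig)
    if len(token) > MAX_CONTEXT_BYTES:
        raise TokenError("token exceeds the session-context limit")
    return token

def verify_token(token, key, now=None, max_age=MAX_AGE):
    """Application side: return the user ID, or raise TokenError."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, AttributeError) as exc:
        raise TokenError("malformed token") from exc
    # Check the signature before trusting anything inside the payload.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise TokenError("bad signature")
    try:
        claims = json.loads(payload)
        user_id, issued = claims["sub"], claims["iat"]
    except (ValueError, KeyError, TypeError) as exc:
        raise TokenError("malformed payload") from exc
    if not isinstance(issued, int) or not -SKEW <= now - issued <= max_age:
        raise TokenError("token expired or issued in the future")
    return user_id
```

With a shared HMAC key, anything that can read the key on the streaming instance can also mint tokens; signing with an asymmetric key pair and shipping only the public key to the instance avoids that.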
0

The AppStream_UserName environment variable is set in each and every session.

So your portal should grab their email address and use this with CreateStreamingURLRequest (plus stack, fleet, etc.). The portal should now redirect their browser session to this URL.

In that running instance AppStream_UserName will be their email address.