https://developers.onelogin.com/api-docs/1/saml-assertions/generate-saml-assertion
I'm generating a SAML assertion to use with AWS AssumeRoleWithSAML to generate temporary access keys, and I have this working, but I'd prefer not to have to pass a password...
I understand passing the password is over HTTPS and reasonably secure, but I was thinking about having a process to do this on a schedule, so that people requiring an AWS access key could run a script to refresh their keys, since AWS only allows a max 1-hour lifetime for temporary credentials. I don't want this script to know/memorize user passwords, etc.
Not sure if we could use some other method or even a salted password? Any other secure thoughts?