AD FS credentials
A SAML-based authentication mechanism that enables authentication to Athena using Microsoft Active Directory Federation Services (AD FS). This method assumes that the user has already set up a federation between Athena and AD FS.
Credentials provider
The credentials provider that will be used to authenticate requests to Amazon. Set
the value of this parameter to ADFS
.
Parameter name | Alias | Parameter type | Default value | Value to use |
---|---|---|---|---|
CredentialsProvider | AWSCredentialsProviderClass (deprecated) | Required | none | ADFS |
User
The email address of the AD FS user to use for authentication with AD FS.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
User | UID (deprecated) | Required for form-based authentication. Optional for Windows Integrated Authentication. | none |
Password
The password for the AD FS user.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
Password | PWD (deprecated) | Required for form-based authentication. Optional for Windows Integrated Authentication. | none |
ADFS host name
The address for your AD FS server.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
AdfsHostName | IdP_Host (deprecated) | Required | none |
ADFS port number
The port number to use to connect to your AD FS server.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
AdfsPortNumber | IdP_Port (deprecated) | Required | none |
ADFS relying party
The trusted relying party. Use this parameter to override the AD FS relying party endpoint URL.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
AdfsRelyingParty | LoginToRP (deprecated) | Optional | urn:amazon:webservices |
ADFS WIA enabled
Boolean. Use this parameter to enable Windows Integrated Authentication (WIA) with AD FS.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
AdfsWiaEnabled | none |
Optional | FALSE |
Preferred role
The Amazon Resource Name (ARN) of the role to assume. For information about ARN
roles, see AssumeRole
in the Amazon Security Token Service API
Reference.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
PreferredRole | preferred_role (deprecated) | Optional | none |
Role session duration
The duration, in seconds, of the role session. For more information, see AssumeRole
in the Amazon Security Token Service API
Reference.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
RoleSessionDuration | Duration (deprecated) | Optional | 3600 |
Lake Formation enabled
Specifies whether to use the AssumeDecoratedRoleWithSAML
Lake Formation API action to
retrieve temporary IAM credentials instead of the AssumeRoleWithSAML
Amazon STS API action.
Parameter name | Alias | Parameter type | Default value |
---|---|---|---|
LakeFormationEnabled | none |
Optional | FALSE |