SAML to AWS STS Keys Conversion

Generates file with AWS STS Keys after logging in to AWS webconsole using SSO (SAML 2.0). It leverages 'assumeRoleWithSAML' API.

Users10K

Rating3.8

Reviews9

Manifest versionV3

7-day growth0

7-day growth rate0%

Preview

SAML to AWS STS Keys Conversion Media preview

1 assets

Trend

30-day user trend

Review user movement over the last 30 days.

User Growth Over Time

Rating trend

30-day rating change

Track rating movement over time to see whether quality signals remain stable.

30-day rating change

Start

3.78

Latest

3.78

30-day rating change

0.00

2026年5月29日2026年6月4日

Growth overview

Daily, weekly, and monthly growth

Compare 1-day, 7-day, and 30-day net growth and growth rate.

1-day growthFlat

00%

7-day growthFlat

00%

30-day growthFlat

00%

Technical snapshot

Version, languages, and crawl freshness

Review publication date, version, supported languages, and crawl timestamps.

Version3.3

ManifestV3

Size157KiB

Languages1English

Published--

Store updated--

Last crawled--

Overview

Product summary

Review the store description, core capabilities, and common use cases.

Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys (temporary credentials -> AccessKeyId, SecretAccessKey and SessionToken).

### Why this Chrome Extension? ###

If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Estension if for you!

You run into trouble as soon as you would like to execute some fancy scripts from your computer which calls the AWS API's. When sending a request to the AWS API's you need credentials, meaning an AccessKey and SecretKey. You can easily generate these keys for each user in AWS IAM. However, since you don't have any users in AWS IAM and don't want to create users just for the sake of having an AccessKey and SecretKey you are screwed. But there is a way to get temporary credentials specifically for your corporate identity.

The Security Token Service (STS) from AWS provides an API action assumeRoleWithSAML. Using the SAML Assertion given by your IDP the Chrome Extension will call this API action to fetch temporary credentials. (AccessKeyId, SecretAccessKey and SessionToken). This way there is no need to create some sort of anonymous user in AWS IAM used for executing scripts. This would be a real security nightmare, since it won't be possible to audit who did what. This Chrome Extension however will make it super easy for you to just use your corporate identity for executing scripts calling AWS API's.

Reviews

Recent review snapshot

Inspect the latest comments and rating distribution.

The Chrome Web Store shows 9 reviews, but only 0 review bodies have synced into ExtScope so far. Showing the synced reviews available right now.

5★

4★

3★

2★

1★

Similar and related extensions

Review related products from the Chrome Web Store detail page.

SAML to AWS STS Keys Conversion Multi Profile

Workflow & Planning

Generates credential/config file with multiple AWS STS Keys after logging in to AWS webconsole using SSO (SAML 2.0).

My Apps Secure Sign-in Extension

Workflow & Planning

My Apps Secure Sign-in Extension

CloudKeeper - Credential Helper

Developer Tools

AWS SSO External AWS Account - STS Keys Generator

AWS Extend Switch Roles

Developer Tools

Extend your AWS IAM switching roles. You can set the configuration like aws config format

SAML-tracer

Developer Tools

A debugger for viewing SAML messages

AWS Console Fixes

Developer Tools

FreemiumConfidence 64

Fix annoyances in the AWS Management Console.

AI product read

Converts SAML 2.0 assertions from corporate SSO login to AWS STS temporary credentials (AccessKeyId, SecretAccessKey, SessionToken) and downloads them as a credentials file for use with AWS CLI/SDKs

Organizations using corporate SAML 2.0 Identity Providers (e.g., Active Directory) for AWS SSO don't have IAM users with permanent access keys. Developers need programmatic credentials to run local scripts that call AWS APIs. This extension bridges that gap by intercepting the SAML authentication flow and automatically generating temporary STS credentials without creating IAM users.

1. User activates extension and logs in to AWS web console via corporate SAML 2.0 SSO. 2. Extension intercepts the SAML POST request to https://signin.aws.amazon.com/saml. 3. Extension decodes the base64 SAML assertion and extracts role/session attributes. 4. Extension calls AWS STS assumeRoleWithSAML API with the SAML assertion. 5. Temporary credentials are formatted as an AWS credentials file. 6. If additional roles are configured, extension calls assumeRole for each. 7. Credentials file is downloaded to the user's computer.

Target users: DevOps engineers and developers in corporate environments using SAML SSO for AWS / IT administrators who need programmatic AWS access without creating IAM users / Organizations with Microsoft Active Directory or other SAML 2.0 IdPs integrated with AWS

Cannot verify if AWS STS API calls are rate-limited or require specific AWS account configuration from the code alone
The extension uses <all_urls> host permission which is broad but explained in changelog as necessary for webRequest API since Chrome 72

Monetization

No paid features detected

No evidence of paid features, subscriptions, or payment gating in the extension. The extension is open source on GitHub (prolane/samltoawsstskeys). No payment platform integrations found. No premium/upgrade UI or code. All keyword hits for 'pro' are false positives appearing in words like 'profile', 'process', 'provider', 'property'. The extension calls AWS STS APIs which are part of standard AWS service usage, not gated by the extension.

Confidence: 95
Payment platform: --
Source: AI / High
Login required: Yes
Reason: The core workflow requires the user to log in to AWS via a corporate SAML 2.0 Identity Provider (SSO). The extension intercepts requests to https://signin.aws.amazon.com/saml (background/script.js line 47) to capture the SAML assertion after the user authenticates. Without this authentication, the extension has no SAML assertion to process and cannot function. The extension itself does not implement its own login system or create accounts.

Permission risk

High-risk permissions

This estimate uses declared permissions and host permissions to assess access scope and sensitivity.

扩展能力较强：webRequest、storage、downloads
主机权限覆盖范围较宽

Publisher

prolane.org

Independent publisher

Email: [email protected]
Phone: --
Address: --

Public contact fields are shown above. Developer portfolio pages are available on paid accounts.

View developer portfolio

Permissions

Host access