I am writing a Python script that will allow me to assume STS into AWS without having to have API Creds in the AWS account. I'm having an issue getting some of the parameters out of the app via the API. I need the role ARN and the identity provider ARN to make this call successful. Both of these reside in the parameters section of each app in our OneLogin.
How can I get the parameters out of the application via the API?
You could call the OneLogin SAML assertion API (you'll need a username a password and an API token)
This will return a SAML assertion for the user/AWS app and the role and IDP ARN information should be encoded in it (assuming it's configured correctly)
https://developers.onelogin.com/api-docs/1/saml-assertions/generate-saml-assertion