Versent · Cyb3r-Jak3 · Nov 20, 2025 · Nov 20, 2025
diff --git a/.goreleaser.macos-latest.yml b/.goreleaser.macos-latest.yml
@@ -8,7 +8,7 @@ builds:
     - -trimpath
     - -v
   ldflags:
-    - -s -w -X main.Version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}
+    - -s -w -X 'github.com/versent/saml2aws/v2/pkg/version.Version={{.Version}}'
   goos:
     - darwin
   goarch:

diff --git a/.goreleaser.ubuntu-22.04.yml b/.goreleaser.ubuntu-22.04.yml
@@ -9,7 +9,7 @@ builds:
     - -trimpath
     - -v
   ldflags:
-    - -s -w -X main.Version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}
+    - -s -w -X 'github.com/versent/saml2aws/v2/pkg/version.Version={{.Version}}'
   goos:
     - linux
   goarch:
@@ -91,4 +91,4 @@ docker_manifests:
   - name_template: ghcr.io/{{ .Env.IMAGE_NAME }}:latest
     image_templates:
     - ghcr.io/{{ .Env.IMAGE_NAME }}:latest-amd64
-    - ghcr.io/{{ .Env.IMAGE_NAME }}:latest-arm64
+    - ghcr.io/{{ .Env.IMAGE_NAME }}:latest-arm64
diff --git a/.goreleaser.ubuntu-latest.yml b/.goreleaser.ubuntu-latest.yml
@@ -8,7 +8,7 @@ builds:
     - -trimpath
     - -v
   ldflags:
-    - -s -w -X main.Version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}
+    - -s -w -X 'github.com/versent/saml2aws/v2/pkg/version.Version={{.Version}}'
   goos:
     - windows
     - linux

diff --git a/README.md b/README.md
@@ -228,6 +228,8 @@ Flags:
       --disable-keychain       Do not use keychain at all. This will also disable Okta sessions & remembering MFA device. (env: SAML2AWS_DISABLE_KEYCHAIN)
   -r, --region=REGION          AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: SAML2AWS_REGION)
       --prompter=PROMPTER      The prompter to use for user input (default, pinentry)
+      --user-agent
+      --user-agent-override    String to append to the user-agent (env: SAML2AWS_USER_AGENT")
 
 Commands:
   help [<command>...]

diff --git a/cmd/saml2aws/main.go b/cmd/saml2aws/main.go
@@ -14,11 +14,7 @@ import (
 	"github.com/versent/saml2aws/v2/cmd/saml2aws/commands"
 	"github.com/versent/saml2aws/v2/pkg/flags"
 	"github.com/versent/saml2aws/v2/pkg/prompter"
-)
-
-var (
-	// Version app version
-	Version = "1.0.0"
+	"github.com/versent/saml2aws/v2/pkg/version"
 )
 
 // The `cmdLineList` type is used to make a `[]string` meet the requirements
@@ -60,7 +56,7 @@ func main() {
 	}
 
 	app := kingpin.New("saml2aws", "A command line tool to help with SAML access to the AWS token service.")
-	app.Version(Version)
+	app.Version(version.Version)
 
 	// Settings not related to commands
 	verbose := app.Flag("verbose", "Enable verbose logging").Bool()
@@ -92,6 +88,8 @@ func main() {
 	app.Flag("region", "AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: SAML2AWS_REGION)").Envar("SAML2AWS_REGION").Short('r').StringVar(&commonFlags.Region)
 	app.Flag("prompter", "The prompter to use for user input (default, pinentry)").StringVar(&commonFlags.Prompter)
 	app.Flag("kc-broker", "The kc broker to use when authenticating via keycloak").StringVar(&commonFlags.KCBroker)
+	app.Flag("user-agent", "String to append to the user-agent (env: SAML2AWS_USER_AGENT").Envar("SAML2AWS_USER_AGENT").StringVar(&commonFlags.UserAgent)
+	app.Flag("user-agent-override", "String to replace the existing user-agent with (env: SAML2AWS_USER_AGENT_OVERRIDE)").Envar("SAML2AWS_USER_AGENT_OVERRIDE").StringVar(&commonFlags.UserAgentOverride)
 
 	// `configure` command and settings
 	cmdConfigure := app.Command("configure", "Configure a new IDP account.")

diff --git a/pkg/cfg/cfg.go b/pkg/cfg/cfg.go
@@ -70,6 +70,8 @@ type IDPAccount struct {
 	KCAuthErrorMessage    string `ini:"kc_auth_error_message,omitempty"` // used by KeyCloak; hide from user if not set
 	KCAuthErrorElement    string `ini:"kc_auth_error_element,omitempty"` // used by KeyCloak; hide from user if not set
 	KCBroker              string `ini:"kc_broker"`                       // used by KeyCloak;
+	UserAgent             string `ini:"user_agent"`
+	UserAgentOverride     string `ini:"user_agent_override"`
 }
 
 func (ia IDPAccount) String() string {

diff --git a/pkg/flags/flags.go b/pkg/flags/flags.go
@@ -40,6 +40,8 @@ type CommonFlags struct {
 	DisableSessions       bool
 	Prompter              string
 	KCBroker              string
+	UserAgent             string
+	UserAgentOverride     string
 }
 
 // LoginExecFlags flags for the Login / Exec commands
@@ -156,4 +158,10 @@ func ApplyFlagOverrides(commonFlags *CommonFlags, account *cfg.IDPAccount) {
 	if commonFlags.Prompter != "" {
 		account.Prompter = commonFlags.Prompter
 	}
+	if commonFlags.UserAgent != "" {
+		account.UserAgent = commonFlags.UserAgent
+	}
+	if commonFlags.UserAgentOverride != "" {
+		account.UserAgentOverride = commonFlags.UserAgentOverride
+	}
 }
diff --git a/pkg/provider/http.go b/pkg/provider/http.go
@@ -16,6 +16,7 @@ import (
 	"github.com/versent/saml2aws/v2/pkg/cfg"
 	"github.com/versent/saml2aws/v2/pkg/cookiejar"
 	"github.com/versent/saml2aws/v2/pkg/dump"
+	"github.com/versent/saml2aws/v2/pkg/version"
 	"golang.org/x/net/publicsuffix"
 )
 
@@ -32,9 +33,11 @@ const (
 )
 
 type HTTPClientOptions struct {
-	IsWithRetries bool //http retry feature switch
-	AttemptsCount uint
-	RetryDelay    time.Duration
+	IsWithRetries     bool //http retry feature switch
+	AttemptsCount     uint
+	RetryDelay        time.Duration
+	UserAgent         string
+	UserAgentOverride string
 }
 
 // NewDefaultTransport configure a transport with the TLS skip verify option
@@ -93,7 +96,14 @@ func NewHTTPClient(tr http.RoundTripper, opts *HTTPClientOptions) (*HTTPClient,
 // Do do the request
 func (hc *HTTPClient) Do(req *http.Request) (*http.Response, error) {
 
-	req.Header.Set("User-Agent", fmt.Sprintf("saml2aws/1.0 (%s %s) Versent", runtime.GOOS, runtime.GOARCH))
+	req.Header.Set("User-Agent", fmt.Sprintf("saml2aws/%s (%s %s) Versent", version.Version, runtime.GOOS, runtime.GOARCH))
+
+	if hc.Options.UserAgent != "" {
+		req.Header.Set("User-Agent", fmt.Sprintf("%s (%s)", req.UserAgent(), hc.Options.UserAgent))
+	}
+	if hc.Options.UserAgentOverride != "" {
+		req.Header.Set("User-Agent", hc.Options.UserAgent)
+	}
 
 	var resp *http.Response
 	var err error

diff --git a/pkg/provider/http_test.go b/pkg/provider/http_test.go
@@ -1,8 +1,10 @@
 package provider
 
 import (
+	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"runtime"
 	"testing"
 
 	"github.com/stretchr/testify/require"
@@ -72,3 +74,49 @@ func TestClientDoResponseCheck(t *testing.T) {
 	require.Error(t, err)
 	require.Equal(t, 400, res.StatusCode)
 }
+
+func TestClientDoUserAgent(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, fmt.Sprintf("saml2aws/1.0 (%s %s) Versent (Test)", runtime.GOOS, runtime.GOARCH), r.UserAgent())
+		_, _ = w.Write([]byte("OK"))
+	}))
+	defer ts.Close()
+
+	rt := NewDefaultTransport(false)
+	opts := &HTTPClientOptions{IsWithRetries: false, UserAgent: "Test"}
+	hc, err := NewHTTPClient(rt, opts)
+	require.Nil(t, err)
+
+	// hc := &HTTPClient{Client: http.Client{}}
+
+	req, err := http.NewRequest("GET", ts.URL, nil)
+	require.Nil(t, err)
+
+	res, err := hc.Do(req)
+	require.Nil(t, err)
+
+	require.Equal(t, 200, res.StatusCode)
+}
+
+func TestClientDoUserAgentOverride(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, "Test", r.UserAgent())
+		_, _ = w.Write([]byte("OK"))
+	}))
+	defer ts.Close()
+
+	rt := NewDefaultTransport(false)
+	opts := &HTTPClientOptions{IsWithRetries: false, UserAgentOverride: "Test"}
+	hc, err := NewHTTPClient(rt, opts)
+	require.Nil(t, err)
+
+	// hc := &HTTPClient{Client: http.Client{}}
+
+	req, err := http.NewRequest("GET", ts.URL, nil)
+	require.Nil(t, err)
+
+	res, err := hc.Do(req)
+	require.Nil(t, err)
+
+	require.Equal(t, 200, res.StatusCode)
+}
diff --git a/pkg/version/version.go b/pkg/version/version.go
@@ -0,0 +1,3 @@
+package version
+
+var Version = "1.0"