1 Answer
Hi,
It is not possible to intercept or access the original SAML response that Azure AD sends to the Cognito idpresponse endpoint. This SAML response is validated by Cognito, and the attributes in the assertion are mapped to Cognito attributes as you configured them. Is it possible to send this OAuth2 token as an attribute inside the SAML assertion and map it to a custom attribute in Cognito?
Thanks for confirming that the SAML response that Azure AD sends to the Cognito idpresponse endpoint cannot be intercepted. I was just looking through the Azure AD SAML attribute mappings, but they do not list either the idToken or accessToken as something that can be mapped as an attribute. We can choose from attributes like first name, last name and so on individually, but cannot have the token itself as an attribute in the SAML mapping. As you mentioned above, if that were possible, it would then be a matter of mapping that as a custom attribute in Cognito.