Cognito does not pass 'login_hint' to Federated SAML Identity Provider

1

On my initial request to https://(my domain).auth.(region).amazoncognito.com/oauth2/authorize I can see that the login_hint parameter is present on the query string. That value is unfortunately not present on the redirect to the SAML2 endpoint.

The result of this is that users must enter their e-mail address first on our site, and then a second time at their identity provider.

How do I specify this value on the /authorize request in such a way that it will be passed through?

  • I have a similar situation and am facing the same issue. Did you find any solution?

asked 2 years ago · 621 views
1 Answer
0

You can add it directly in your SAML metadata, e.g. <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<domain>/saml2?login_hint=<login_hint>"/>

answered a year ago
  • That won't work because the parameter needs to be passed through from the /authorize request to the SAML request. Do you have any other option?
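As an added diagnostic (not from the question, the answer, or AWS), the Python below inspects the Location a Cognito /oauth2/authorize call redirects to and reports whether a hint survived, either as a login_hint query parameter or as a Subject/NameID inside the decoded HTTP-Redirect SAMLRequest (the standard place an SP can pre-fill the identifier the IdP should prompt for). The IdP SSO URL, issuer and AuthnRequest XML are constructed samples; point find_login_hint at a captured redirect to check a real pool.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
IDP_SSO = "https://idp.example.com/saml2/sso"  # assumed IdP SSO endpoint (constructed)


def decode_saml_request(b64: str) -> str:
    """HTTP-Redirect binding: SAMLRequest is raw DEFLATE, then base64."""
    return zlib.decompress(base64.b64decode(b64), wbits=-15).decode("utf-8")


def encode_saml_request(xml: str) -> str:
    """Inverse of decode_saml_request; used only to build the constructed samples."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode("ascii")


def find_login_hint(redirect_location: str) -> dict:
    """Report where, if anywhere, a hint survived in the redirect to the IdP:
    as a login_hint query parameter, or as Subject/NameID in the AuthnRequest."""
    qs = parse_qs(urlparse(redirect_location).query)
    found = {"query_login_hint": None, "subject_name_id": None}
    if "login_hint" in qs:
        found["query_login_hint"] = qs["login_hint"][0]
    if "SAMLRequest" in qs:
        root = ET.fromstring(decode_saml_request(qs["SAMLRequest"][0]))
        name_id = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
        if name_id is not None and name_id.text:
            found["subject_name_id"] = name_id.text.strip()
    return found


# Constructed sample AuthnRequest, not a real Cognito capture.
AUTHN_WITH_SUBJECT = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    "<saml:Issuer>urn:amazon:cognito:sp:example-pool</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>"
    "</samlp:AuthnRequest>"
)
AUTHN_NO_SUBJECT = AUTHN_WITH_SUBJECT.replace(
    "<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>", ""
)


def sample_redirect(xml: str, extra_query: str = "") -> str:
    """Build a Location value shaped like a hosted-UI redirect to the IdP (constructed)."""
    return f"{IDP_SSO}?SAMLRequest={quote(encode_saml_request(xml), safe='')}{extra_query}"
```

If both fields come back None for a real capture, the hint was dropped at Cognito and nothing placed in the metadata Location can restore it per-user.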
