AWS Identity Centre with Azure AD - "Looks like this code isn't right"

0

I am trying to connect AWS Identity Centre for SSO with Azure AD.

I have configured as per the docs, and for authenticated Azure users I get re-directed to AWS but the error message I get is "Looks like this code isn't right. Please try again."

I have Automatic provisioning enabled and working, so only valid users from Azure AD exist in AWS Identity Centre.

Can anyone suggest where I can look next?

asked a year ago, 2082 views
3 answers
0
Accepted answer

This was resolved for me with the resolution below.

If you have allowed Guest Users for your Azure AD and you would like to use those users to authenticate to AWS: this creates a mismatch between the username received in the SAML response from the AD and the actual username in AWS IAM Identity Center.

Resolution

To resolve this issue, may you kindly consider modifying the user claims sent with the SAML response to AWS SSO from Azure, so that you can send the correct attribute for your guest AD users [1][2]. Please follow these steps:

1. Login to your Azure portal and navigate to Azure AD Directory
2. Select Enterprise application from the left pane and select the required AWS application
3. Navigate to "Single Sign on" tab from the left pane
4. Click on Edit button next to "User Attributes & Claims"
5. Select the "Unique User Identifier (Name ID)" under Required Claims.
6. Now we would need to create two claim conditions (present at the bottom of the screen), one for your AD users and the other for your Guest users, as follows.

   Members - Attribute - user.userprincipalname
   Guests  - Attribute - user.mail

7. Save the edits and try the login process again and you should be able to log in. You might need to clear your browser cache completely.
answered a year ago
EXPERT
verified 4 months ago
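As an added illustration (not code from the original thread), a small Python model of the mismatch the accepted answer describes: Identity Center matches the SAML NameID against the provisioned username, so a guest whose NameID is built from the #EXT# form of userPrincipalName never matches until the claim condition sends user.mail instead. The user records, the usernames and the guest UPN value are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample users. A B2B guest's userPrincipalName in Azure AD takes the
# alias_domain#EXT#@tenant form, while the mail attribute stays as the address that
# automatic (SCIM) provisioning wrote into Identity Center.
GUEST_USER = {
    "user_type": "Guest",
    "userprincipalname": "jay_partner.example#EXT#@tenant.onmicrosoft.com",
    "mail": "jay@partner.example",
}
MEMBER_USER = {
    "user_type": "Member",
    "userprincipalname": "alice@tenant.example",
    "mail": "alice@tenant.example",
}
# Constructed: usernames present in IAM Identity Center after automatic provisioning.
IDENTITY_CENTER_USERS = {"alice@tenant.example", "jay@partner.example"}


def build_assertion(name_id: str) -> str:
    """Return the Subject part of a SAML assertion carrying the given NameID."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Subject><saml:NameID>" + escape(name_id) + "</saml:NameID>"
        "</saml:Subject></saml:Assertion>"
    )


def extract_name_id(assertion_xml: str) -> str:
    """Pull the NameID out of an assertion; this is the value Identity Center matches on."""
    node = ET.fromstring(assertion_xml).find("./saml:Subject/saml:NameID", SAML_NS)
    if node is None or not node.text:
        raise ValueError("assertion carries no NameID")
    return node.text.strip()


def name_id_claim(user: dict, claim_conditions: bool) -> str:
    """Model the Azure AD NameID claim: without the per-user-type conditions every
    user sends userprincipalname; with them, guests send mail instead."""
    if claim_conditions and user["user_type"] == "Guest":
        return user["mail"]
    return user["userprincipalname"]


def login_would_succeed(user: dict, claim_conditions: bool) -> bool:
    """True when the NameID Azure AD would send is a username Identity Center knows."""
    name_id = extract_name_id(build_assertion(name_id_claim(user, claim_conditions)))
    return name_id in IDENTITY_CENTER_USERS
```

Comparing the NameID in the decoded SAML response with the username shown in the Identity Center user list is the quickest way to confirm this is the cause before changing the claims.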
0

Hi,

Thank you for reaching out to us! This error might usually occur if there is a mis-match between the user information carried in the SAML request, and the information for the user in IAM Identity Center. Please refer to the following documentation for common reasons for this issue and expectations from Identity Center:

If you need assistance with troubleshooting this issue, I recommend opening a support case so we are able to look into your resource configurations and assist in detail. re:Post is a public platform, and therefore, for security and privacy reasons please refrain from sharing any resource configuration details over this platform.

AWS
TECHNICAL SUPPORT ENGINEER
answered a year ago
0

Hello Team,

I've tried applying the claim configuration and yet it doesn't work.

Also, on the suggestion which states "mis-match between the user information carried in the SAML request, and the information for the user in IAM Identity Center", I have set the Source Type as "External Identity Provider", in which I am not allowed to create the users. If that's the case, how do I resolve the issue?

Thanks!

Regards, Jay.

Mouyse
answered a year ago
