Pre token generation lambda trigger is not working properly in .Net core.

0

Hello Team,

The pre-token generation lambda trigger for Cognito is not working properly for .NET Core. It is throwing this error: "error_description=Error+in+SAML+response+processing%3A+Invalid+version+in+Lambda+response.+Version+should+be+1+&error=server_error".

The same event is working fine for Node.js but it is not working in .NET Core. Here is the payload response which I'm returning from the Pre-Token generation lambda trigger for .NET Core after modifying the claims:

{ "request": { "groupConfiguration": { "groupsToOverride": [ "us-east-1_P139c87yU_Okta" ], "iamRolesToOverride": [], "preferredRole": null }, "clientMetadata": null, "userAttributes": { "sub": "fb010969-9c01-4533-b12b-c09d454ee10f", "identities": "[{\"userId\":\"piyush.joshi@gartner.com\",\"providerName\":\"Okta\",\"providerType\":\"SAML\",\"issuer\":\"https://urldefense.com/v3/__http://www.okta.com/exk3uaojhs7McUi195d75C5C22,5C5C22primary5C5C22:true,5C5C22dateCreated5C5C22:1644401968942*7D**A22__;JSUlJSUlJSUlJSUlJSUlJV0l!!NmrTbz2Y!j8OBTzi57qqJa6c8x7egkmYdRuvuglBU0LwQm17-u2m-pf-EOQrrffVrzMnxkxiy0pE$ , "cognito:user_status": "EXTERNAL_PROVIDER", "email_verified": "false", "email": "piyush.joshi@gartner.com" } }, "response": { "claimsOverrideDetails": { "claimsToAddOrOverride": null, "claimsToSuppress": null, "groupOverrideDetails": { "groupsToOverride": [ "User", "us-east-1_P139c87yU_Okta" ], "iamRolesToOverride": [], "preferredRole": null } } }, "version": "1", "triggerSource": "TokenGeneration_HostedAuth", "region": "us-east-1", "userPoolId": "us-east-1_P139c87yU", "userName": "Okta_piyush.joshi@gartner.com", "callerContext": { "awsSdkVersion": "aws-sdk-unknown-unknown", "clientId": "nbkmuarn0v3pph35s4cnsr7li" } } *

asked 2 years ago · 1392 views
1 answer
0

Hi,

May I ask if this event is somehow truncated? It does not seem to be valid JSON. I've used our internal JSON lint tool and there seems to be an issue with the formatting under "userAttributes":

        "userAttributes": {
            "sub": "fb010969-9c01-4533-b12b-c09d454ee10f",
            "identities": "[{\"userId\":\"piyush.joshi@gartner.com\",\"providerName\":\"Okta\",\"providerType\":\"SAML\",\"issuer\":\"https://urldefense.com/v3/__http://www.okta.com/exk3uaojhs7McUi195d75C5C22,5C5C22primary5C5C22:true,5C5C22dateCreated5C5C22:16444019689427D**A22__;JSUlJSUlJSUlJSUlJSUlJV0l!!NmrTbz2Y!j8OBTzi57qqJa6c8x7egkmYdRuvuglBU0LwQm17-u2m-pf-EOQrrffVrzMnxkxiy0pE$ , "
            cognito: user_status ": "

Two things to note are that there is an opening brace in 'identities' but there is no closing one. Also, the "issuer" key does not seem to have an escaped \". I just want to clarify this first if perhaps you have truncated this. If so, can you please provide the full event?

If the object is working in Node but not in .NET then this seems to imply that there is actually some sort of difference with the way the Node Lambda returns the response as opposed to the .NET Lambda. I would suggest checking how exactly you are returning this response in the .NET Lambda as it may be returning it differently than expected.

I would also suggest doing an additional test by invoking both Lambdas via API Gateway. This is to confirm if the Lambdas are indeed returning the expected format back to the requester.

AWS
SUPPORT ENGINEER
Ryan_A
answered 2 years ago
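
The comparison suggested in the answer above (how the .NET Lambda's returned object differs from the Node one) can be done mechanically once both responses are captured as text. This is an added example, not code from the thread or from AWS; the function names and both sample payloads are constructed, and the differences in the sample exist only to exercise the checks, not to describe the poster's Lambda.

```javascript
// Added example: structural diff of two captured Lambda trigger responses.
const typeOf = (v) => (v === null ? "null" : Array.isArray(v) ? "array" : typeof v);

// Flatten a parsed JSON value into a Map of path -> type. Arrays are leaves.
function shape(value, path = "$", out = new Map()) {
  out.set(path, typeOf(value));
  if (typeOf(value) === "object") {
    for (const key of Object.keys(value)) shape(value[key], `${path}.${key}`, out);
  }
  return out;
}

// Wrap the parsed value so a literal JSON null is not confused with a parse failure.
function parseOrNull(text) {
  try { return { value: JSON.parse(text) }; } catch (err) { return null; }
}

// Compare a candidate response against a reference response that is known to be accepted.
function compareResponses(referenceText, candidateText) {
  const ref = parseOrNull(referenceText);
  const cand = parseOrNull(candidateText);
  if (!ref) return ["reference is not valid JSON"];
  if (!cand) return ["candidate is not valid JSON"];
  const refShape = shape(ref.value);
  const candShape = shape(cand.value);
  // Index candidate paths case-insensitively so keys that differ only by case pair up.
  const candByLower = new Map([...candShape.keys()].map((p) => [p.toLowerCase(), p]));
  const refLower = new Set([...refShape.keys()].map((p) => p.toLowerCase()));
  const findings = [];
  for (const [path, type] of refShape) {
    const match = candShape.has(path) ? path : candByLower.get(path.toLowerCase());
    if (match === undefined) { findings.push(`missing: ${path}`); continue; }
    if (match !== path) findings.push(`key case differs: ${path} vs ${match}`);
    const candType = candShape.get(match);
    if (candType !== type) findings.push(`type differs at ${path}: ${type} vs ${candType}`);
  }
  for (const path of candShape.keys()) {
    if (!refLower.has(path.toLowerCase())) findings.push(`extra: ${path}`);
  }
  return findings;
}

// Constructed samples (not the poster's payloads).
const details = { groupOverrideDetails: { groupsToOverride: ["User"] } };
const REFERENCE = JSON.stringify({ version: "1", response: { claimsOverrideDetails: details } });
const CANDIDATE = JSON.stringify({ Version: 1, response: { claimsOverrideDetails: details } });
console.log(compareResponses(REFERENCE, CANDIDATE));
```

An empty result means the two responses have the same keys and value types; a truncated capture is reported as invalid JSON before any comparison is attempted.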
