Hello Ori,
You can create an IAM OIDC identity provider with the AWS Command Line Interface, the Tools for Windows PowerShell, or the IAM API. When you use these methods, you must obtain the thumbprint manually and supply it to AWS. When you create an OIDC identity provider with the IAM console, the console attempts to fetch the thumbprint for you. We recommend that you also obtain the thumbprint for your OIDC IdP manually and verify that the console fetched the correct thumbprint.
The AWS CLI command to create an OpenID Connect provider (create-open-id-connect-provider) has two required parameters:
- url
- thumbprint-list
[+] create-open-id-connect-provider CLI reference - https://docs.aws.amazon.com/cli/latest/reference/iam/create-open-id-connect-provider.html
Hence, you are required to provide the thumbprint in order to successfully create an OpenID Connect provider in AWS via the CLI.
[+] Obtaining the thumbprint for an OpenID Connect Identity Provider - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
When creating the OpenID Connect provider via the AWS Management Console, AWS attempts to fetch the thumbprint for you. However, in the case of OpenID Connect providers such as Auth0, GitHub, Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint, instead of using a certificate thumbprint, AWS would use its library of trusted root certificate authorities (CAs) to verify the IdP server certificate.
You can create an OIDC provider without manually providing the thumbprint by creating the OIDC provider via the AWS Management Console. AWS would fetch the thumbprint for you. However, it is recommended that you validate that the console fetched the correct thumbprint.
Regards,
Suryansh
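The procedure described in the answer above (obtain the IdP's certificate thumbprint manually, then pass it to create-open-id-connect-provider), as an added example that is not part of the original post or of any AWS tooling. The IAM thumbprint is the SHA-1 hash of the DER-encoded certificate, written as 40 hex characters without colons, and the AWS thumbprint guide says to take the last certificate in the chain that `openssl s_client -showcerts` prints. The hostname `example-idp.test`, the issuer URL and the client ID are assumptions for illustration; the offline demo in `main` builds two throwaway self-signed certificates as a constructed stand-in for a real chain and prints the CLI command instead of running it.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Computes an IAM-style OIDC
# thumbprint and assembles the create-open-id-connect-provider call.
set -euo pipefail

# SHA-1 fingerprint of the PEM certificate in file $1, in the form IAM
# expects: 40 lowercase hex characters, no colons.
thumbprint_from_pem() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 \
    | cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Sanity check before sending the value to AWS: exactly 40 lowercase hex chars.
is_valid_thumbprint() {
  [[ $1 =~ ^[0-9a-f]{40}$ ]]
}

# From `openssl s_client -showcerts` output (or any PEM bundle) on stdin,
# keep only the last certificate in the chain, which is the one the AWS
# thumbprint guide tells you to hash (the top intermediate CA).
last_cert_in_chain() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { buf = ""; inblock = 1 }
    inblock                       { buf = buf $0 "\n" }
    /-----END CERTIFICATE-----/   { inblock = 0; last = buf }
    END                           { printf "%s", last }'
}

# Network path (not exercised offline): fetch the chain the issuer's TLS
# endpoint presents. Usage: fetch_chain accounts.example-idp.test [443]
fetch_chain() {
  local host=$1 port=${2:-443}
  openssl s_client -servername "$host" -showcerts \
    -connect "$host:$port" </dev/null 2>/dev/null
}

# Assemble the CLI invocation. --url and --thumbprint-list are the two
# required parameters; --client-id-list is the audience the tokens carry.
create_provider_cmd() {
  local issuer_url=$1 thumbprint=$2 client_id=$3
  printf "aws iam create-open-id-connect-provider --url '%s' --thumbprint-list '%s' --client-id-list '%s'\n" \
    "$issuer_url" "$thumbprint" "$client_id"
}

main() {
  local tmp
  tmp=$(mktemp -d)
  trap "rm -rf '$tmp'" EXIT
  # Constructed input: two self-signed certs standing in for leaf + CA.
  for name in leaf ca; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=$name.example-idp.test" \
      -keyout "$tmp/$name.key" -out "$tmp/$name.pem" 2>/dev/null
  done
  cat "$tmp/leaf.pem" "$tmp/ca.pem" | last_cert_in_chain > "$tmp/top.pem"
  local tp
  tp=$(thumbprint_from_pem "$tmp/top.pem")
  is_valid_thumbprint "$tp" || { echo "bad thumbprint: $tp" >&2; exit 1; }
  echo "thumbprint of last cert in chain: $tp"
  # Hypothetical issuer URL and client ID; run the printed command yourself.
  create_provider_cmd "https://example-idp.test" "$tp" "sts.amazonaws.com"
}

main "$@"
```

Against a real IdP, replace the constructed chain with `fetch_chain accounts.example-idp.test | last_cert_in_chain`, and compare the result with whatever the console fetched for you, as the answer recommends. For the providers the answer lists (Auth0, GitHub, Google, S3-hosted JWKS) AWS verifies the server certificate against its trusted root CAs rather than this value, but the CLI parameter is still required, so the value you pass must at least be well-formed.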