1 Answer
Hi,
It is not possible to intercept or access the original SAML response that Azure AD sends to the Cognito idpresponse endpoint. This SAML response is validated by Cognito, and attributes in the assertion are mapped to Cognito attributes as you configured them. Is it possible to send this OAuth2 token as an attribute inside the SAML assertion and map it to a custom attribute in Cognito?
Thanks for confirming that the SAML response that Azure AD sends to the Cognito idpresponse endpoint cannot be intercepted. I was just looking through the Azure AD SAML attribute mappings, but it does not list either the idToken or accessToken as something that can be mapped as an attribute. We can choose from attributes like first name, last name and so on individually, but cannot have the token itself as an attribute in the SAML mapping. As you mentioned above, if that were possible, it would then be mapped as a custom attribute in Cognito.