Hello,
I am trying to create a new AWS Cognito SAML identity provider and I am entering the metadata document endpoint URL, but when I try to save my new provider I get the following error: "We were unable to update identity provider: Non-ok status code 403 returned from remote metadata source {here goes my provider URL} (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: bfdccf61-dcf3-41d1-88ca-50f73b5b42b4; Proxy: null)"
The provider endpoint uses SSL and has a valid certificate associated with it. I also understand that Cognito is getting a forbidden (403) response while trying to access the metadata. I can access my provider endpoint URL from the browser (no credentials needed) and download the metadata file, and if I upload the file instead of using the endpoint it seems to work just fine. But I do not want to depend on this manually uploaded file in case the provider changes the metadata at some point.
I am not sure if there is anything the provider needs to do to allow AWS Cognito to access the endpoint. Can someone please shed some light on this problem?
Thank you very much in advance!
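A way to reproduce the symptom in the question from outside the browser, as an added diagnostic script (it is not from the original post and is not AWS or Cognito code). It requests the metadata URL under several client identities (the header sets in PROBES are assumptions, since the page does not say how Cognito's fetcher identifies itself) and reports whether only the browser-like request gets a 200, which is the usual signature of a WAF or bot filter on the provider side rather than a certificate or URL problem. It also parses the EntityDescriptor so the entityID, SSO endpoint and signing certificate of a manually uploaded copy can be compared against what the endpoint currently serves. The embedded SAMPLE_METADATA is constructed for offline use; its certificate value is a placeholder, not a real certificate.

```python
"""Probe a SAML IdP metadata endpoint with several client identities and
parse the EntityDescriptor. Added diagnostic, not part of the original post."""
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Assumed client identities. Only "browser" mimics what the poster did by hand;
# the other two stand in for non-browser HTTP clients such as a metadata fetcher.
PROBES: Dict[str, Dict[str, str]] = {
    "browser": {
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    },
    "java-like": {"User-Agent": "Java/11.0.2", "Accept": "application/samlmetadata+xml, */*"},
    "python-urllib": {},  # urllib fills in its own "Python-urllib/x.y" User-Agent
}

# Constructed sample, not real IdP metadata; the certificate is a placeholder.
SAMPLE_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB PLACEHOLDER NOT A REAL CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def fetch(url: str, headers: Dict[str, str], timeout: float = 10.0) -> Tuple[int, bytes]:
    """GET the URL; return (status, body). Non-2xx statuses are returned, not raised."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def probe_endpoint(url: str) -> Dict[str, int]:
    """HTTP status seen by each client identity in PROBES."""
    return {name: fetch(url, headers)[0] for name, headers in PROBES.items()}


def diagnose(results: Dict[str, int]) -> str:
    """Turn per-probe statuses into a verdict. Pure function so it can be tested offline."""
    browser = results.get("browser")
    others = [status for name, status in results.items() if name != "browser"]
    if all(status == 200 for status in results.values()):
        return "reachable-from-all-probes"
    if all(status == 403 for status in results.values()):
        return "forbidden-for-all-probes"
    if browser == 200 and others and all(status == 403 for status in others):
        return "blocked-non-browser-clients"
    return "mixed"


def parse_saml_metadata(xml_bytes: bytes) -> Dict[str, object]:
    """Extract entityID, SSO locations and signing certificates from an EntityDescriptor."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor: %s" % root.tag)
    sso: List[str] = [
        el.get("Location", "")
        for el in root.findall(".//md:IDPSSODescriptor/md:SingleSignOnService", NS)
    ]
    certs: List[str] = []
    for kd in root.findall(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute serves both signing and encryption.
        if kd.get("use") in (None, "signing"):
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join((cert.text or "").split()))
    return {"entity_id": root.get("entityID"), "sso_locations": sso, "signing_certs": certs}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python saml_metadata_probe.py https://idp.example.com/metadata")
    target = sys.argv[1]
    statuses = probe_endpoint(target)
    for probe_name, code in statuses.items():
        print("%-14s -> HTTP %d" % (probe_name, code))
    print("verdict:", diagnose(statuses))
    code, body = fetch(target, PROBES["browser"])
    if code == 200:
        info = parse_saml_metadata(body)
        print("entityID:", info["entity_id"])
        print("SSO:", ", ".join(info["sso_locations"]))
        print("signing certs:", len(info["signing_certs"]))
```

If the verdict is "blocked-non-browser-clients", the thing to send the provider is the exact status line and response body seen by the non-browser probes, since that is what their WAF or reverse proxy is returning; a "forbidden-for-all-probes" verdict instead points at the URL itself (IP allow-listing, a path that needs a cookie, or a deliberately private endpoint).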
Thank you so much for your reply, Ed! I truly appreciate it. I have contacted the SAML provider with your answer and hopefully the request validation gets unblocked!