I have confirmed the metadata loaded for the integration specifies ``` ``` However, the generated AuthnRequest from cognito is not signed.

How to get Cognito SAML integration to sign AuthnRequest?

I have confirmed the metadata loaded for the integration specifies

<md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

However, the generated AuthnRequest from cognito is not signed.

주제

보안, 신원 및 규정 준수

태그

아마존 Cognito

언어

English

jarky

질문됨 2년 전1158회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

수락된 답변

Hi,

Cognito doesn't support AuthnRequest signing at this time. The assertion consumer endpoint for Cognito user pool doesn't change for the user pool (unless you change the user pool domain), so is the SP entity Id. These values must be per-configured in the IdP and usually if the AuthnRequest has any different values the request will be rejected by the IdP.

More details on federating to SAML IdP from Cognito user pool.

전문가

Mahmoud Matouk

답변함 2년 전

13ogrammer
2년 전
Hi Mahmoud, Is "AuthnRequest signing" in the Cognito User Pool roadmap? If yes, when is it likely to be released?

Cheers!

How to get Cognito SAML integration to sign AuthnRequest?

관련 콘텐츠