Please be informed that VPN auth uses a different ACS URL to connect
Assertion Consumer Service (ACS) URL: http://127.0.0.1:35001
Audience URI: urn:amazon:webservices:clientvpn
And Self Service portal uses a different ACS URL
Application ACS URL: https://self-service.clientvpn.amazonaws.com/api/auth/sso/saml
Application SAML audience: urn:amazon:webservices:clientvpn
But both of these service functions use the same SAML audience URL.
Applications like Okta let you define two ACS URLs in the same app, which lets you define authentication and the Self Service Portal in the same app. Some IdPs do not give the option to create a second ACS URL in the same app, but they then allow you to create a second app for that purpose.
Unfortunately, it seems like Google has a limitation where they do not even let you define a second app where the SAML audience URL is the same. It's expected to have the same SAML audience URL on AWS auth and the Self Service portal, and there is no way on AWS to change that, hence there is no workaround from the AWS side either, as it's a Google limitation.
However, alternatively you can use AWS SSO with the AWS IdP, where you can create one app for VPN auth and one app for the Self Service portal.
https://aws.amazon.com/blogs/security/authenticate-aws-client-vpn-users-with-aws-single-sign-on/
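As an added illustration of the point above (this is example code, not part of the original answer or any AWS tooling), the following relying-party check shows why the two endpoints must be told apart even though they share one Audience URI: a SAML response is accepted for a given service function only if its `Destination` and `SubjectConfirmationData/@Recipient` match that function's ACS URL and its `Audience` matches the shared audience. The `build_sample_response` helper, the IdP issuer name and the user name are constructed for the example; the ACS URLs and audience are the ones quoted in the answer. Signature verification is assumed to happen separately and is not shown.

```python
import xml.etree.ElementTree as ET

# Values quoted in the answer above: one shared Audience URI, two distinct ACS URLs.
EXPECTED_AUDIENCE = "urn:amazon:webservices:clientvpn"
EXPECTED_ACS = {
    "vpn_auth": "http://127.0.0.1:35001",
    "self_service": "https://self-service.clientvpn.amazonaws.com/api/auth/sso/saml",
}

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def check_saml_response(xml_text: str, service_function: str) -> list:
    """Return the list of addressing problems found in a SAML Response.

    An empty list means Destination, Recipient and Audience all agree with the
    expected values for the named service function ("vpn_auth" or
    "self_service"). Signature validation is assumed to be done elsewhere.
    """
    if service_function not in EXPECTED_ACS:
        return ["unknown service function: %s" % service_function]
    expected_acs = EXPECTED_ACS[service_function]
    problems = []

    root = ET.fromstring(xml_text)

    # The Response must be addressed to this service function's ACS URL.
    destination = root.get("Destination")
    if destination != expected_acs:
        problems.append("Destination %r != expected ACS %r" % (destination, expected_acs))

    # The bearer confirmation must name the same ACS URL as its Recipient.
    for scd in root.findall(".//saml:SubjectConfirmation/saml:SubjectConfirmationData", NS):
        recipient = scd.get("Recipient")
        if recipient != expected_acs:
            problems.append("Recipient %r != expected ACS %r" % (recipient, expected_acs))

    # Both service functions share the same audience, so this check is identical for both.
    audiences = [
        a.text for a in root.findall(".//saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    ]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("Audience %r does not contain %r" % (audiences, EXPECTED_AUDIENCE))

    return problems


def build_sample_response(acs_url: str, audience: str) -> str:
    """Constructed, unsigned sample Response (hypothetical IdP and user) for the demo."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_r1" Version="2.0" Destination="%s">'
        '<saml:Assertion ID="_a1" Version="2.0">'
        "<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>"
        "<saml:Subject><saml:NameID>alice@example.test</saml:NameID>"
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        '<saml:SubjectConfirmationData Recipient="%s"/>'
        "</saml:SubjectConfirmation></saml:Subject>"
        "<saml:Conditions><saml:AudienceRestriction>"
        "<saml:Audience>%s</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        "</saml:Assertion></samlp:Response>"
    ) % (acs_url, acs_url, audience)


if __name__ == "__main__":
    # A response minted for the VPN client is fine for VPN auth ...
    ok = build_sample_response(EXPECTED_ACS["vpn_auth"], EXPECTED_AUDIENCE)
    print("vpn_auth   :", check_saml_response(ok, "vpn_auth"))
    # ... but must be rejected by the Self Service portal despite the shared audience.
    print("self_service:", check_saml_response(ok, "self_service"))
```

Running the block shows the first check returning an empty list and the second reporting two mismatches (Destination and Recipient) while the audience check passes for both, which is exactly the situation described above: the audience alone cannot distinguish the two service functions, so the ACS URL has to.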
I can't find the definitive answer, but if Google supports more than 1 ACS URL then yes, you can use the same IdP application.
I have done the same in Azure AD.