Amazon Cognito | Verify format of SAMLRequest sent to IDP

We are integrating with a partner who uses Amazon Cognito and we are the IDP. They have loaded our IDP metadata file and when I send a request to their authorization endpoint to initiate the SAML session, we receive a request containing SAMLRequest and RelayState values.

Amazon Cognito documentation does not state how the SAMLRequest and RelayState are generated/formatted.

Are these values encrypted and then Base64 encoded? Are there any samples or examples available of what an unencrypted SAMLRequest contains?

주제

보안, 신원 및 규정 준수

태그

아마존 Cognito

언어

English

rePost-User-3169185

질문됨 일 년 전343회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

이 답변이 도움이 되었나요?커뮤니티가 여러분의 지식을 활용할 수 있도록 정답을 찬성하세요.

Hi,

Cognito SAML Request are following SAML 2.0 standard are are not encrypted only signed.

You can find more information in https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html

Cognito SAML Metadata can be constructed based on https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-integrating-3rd-party-saml-providers.html

Jeff

Jeff Lombardo-AWS

답변함 일 년 전

rePost-User-3169185
일 년 전
Thank you, Jeff. Where can we configure signing of the SAMLRequest? We were able to decode and decompress the SAMLRequest, however there is no signature element included with the AuthNRequest XML received from Cognito.

Amazon Cognito | Verify format of SAMLRequest sent to IDP

관련 콘텐츠