AWS SSO IdP for OpenSearch


We are using AWS SSO with Google Workspace to log into AWS.

We also have OpenSearch in use. We want to use AWS SSO as an IdP for OpenSearch; however, we get the following error:

Oops, something went wrong
Provide your administrator with the following info:
No access
Request ID: xxxx
HTTP status: 403

The 403 call is when a GET is made on https://portal.sso.eu-west-1.amazonaws.com/saml/v2/assertion/xxxxxredactedxxxxx/ HTTP/1.1

  • I was struggling with this problem until I saw a subtle mistake. Hope this could help: in the IAM Identity Center, settings of the application, I was using "dot" instead of "double point" for attribute mappings. Lost so many hours because of my eyes.

1 Answer

Hello

Not sure if you've referred to the below links for the same. AWS SSO with G-suite as an External IDP: https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/

SAML with AWS OpenSearch: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html

These provide the basic steps for configuration & the right approach. However, for a detailed check, I would advise opening a support case with the AWS SSO/AWS OpenSearch team and getting it checked, once you have verified the steps in the above links.

AWS Support Engineer, answered 2 years ago
AWS Expert, reviewed 2 years ago
