By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to get Cognito SAML integration to sign AuthnRequest?

0

I have confirmed the metadata loaded for the integration specifies

<md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

However, the generated AuthnRequest from cognito is not signed.

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito
Language
English
jarky
asked 2 years ago1149 views
1 Answer
1
Accepted Answer

Hi,

Cognito doesn't support AuthnRequest signing at this time. The assertion consumer endpoint for Cognito user pool doesn't change for the user pool (unless you change the user pool domain), so is the SP entity Id. These values must be per-configured in the IdP and usually if the AuthnRequest has any different values the request will be rejected by the IdP.

More details on federating to SAML IdP from Cognito user pool.

AWS
EXPERT
Mahmoud Matouk
answered 2 years ago
  • 13ogrammer
    2 years ago

    Hi Mahmoud, Is "AuthnRequest signing" in the Cognito User Pool roadmap? If yes, when is it likely to be released?

    Cheers!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content