External IDP's identity token validation failure

While trying out https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html, getting the below error. What STS is actually looking for the validation? If the IDP's jwks API response contains x5c having public key and root CA certificates, can it handle token signature validation?

<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
    <Error>
        <Type>Sender</Type>
        <Code>InvalidIdentityToken</Code>
        <Message>Couldn't retrieve verification key from your identity provider,  please reference AssumeRoleWithWebIdentity documentation for requirements</Message>
    </Error>
    <RequestId>dfd6341d-9686-4acb-8e41-03471c6f5ef0</RequestId>
</ErrorResponse>

Topics

Security, Identity, & Compliance

Relevant content

External IDP Tokens in Cognito User Pools
camiloking
asked 2 years ago
Cognito and External IdPs
kf4ape
asked 9 months ago
Mapping SAML2 (external idp) users to Identity Center users
Accepted Answer
wz2b
asked a year ago
Revoking cognito refresh token on deleting/disabling external IDP user
Imtiaz
asked a year ago
How can I resolve the AWS STS AssumeRoleWithWebIdentity API call error "InvalidIdentityToken"?
AWS OFFICIALUpdated a year ago
How do I resolve errors related to OIDC IdP federation in IAM?
AWS OFFICIALUpdated 4 months ago
How do I get IdP-issued OIDC or social identity tokens for Amazon Cognito user pools?
AWS OFFICIALUpdated 2 months ago
How can I troubleshoot the AWS STS error “the security token included in the request is expired” when using the AWS CLI to assume an IAM role?
AWS OFFICIALUpdated 2 years ago
Explained: AWS IoT Custom Authorizer with Cryptographic Token Validation
EXPERT
Paco
published a year ago
How to Rotate your External IdP Certificates in AWS IAM Identity Center (successor to AWS Single Sign-On) with Zero Downtime
EXPERT
Matt-B
published a year ago