AWS client vpn selfservice



I'm trying to create a VPN endpoint using AWS SSO as IdP but I'm always getting an error when doing the assertion exchange after logging.

I've created the endpoint, selected federated authentication and then selected the ARN of the SAML provider of my SSO configuration. The endpoint is created and available and associated to a VPC. Then I downloaded the AWS VPN client, created a profile using the configuration from my VPN endpoint and then I clicked on 'Connect'. That takes me to the SSO login page but after login I get an error: Oops, something went wrong Provide your administrator with the following info: Issuer of request does not match our record Request ID: <<some id>> HTTP status: 403 Any idea on what fails? Thanks.

asked 2 years ago1235 views
1 Answer

AWS Client VPN is not one of the pre-integrated applications in AWS SSO. As a workaround, create a custom SAML application in AWS SSO. This requires re-creation of AWS VPN Client Endpoint.

  1. Create a custom application in AWS SSO to be used with AWS Client VPN
  2. Create a new Identity Provider (IdP) in IAM Provider console, and use the AWS SSO as an identity provider with the custom application that was created in Step 1
  3. Finally, use the newly created IdP with AWS Client VPN
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions