1. Set Up IAM Identity Center:
   - Ensure IAM Identity Center is enabled and configured in your AWS account. If you are using an AWS Organization, you can set this up at the organization level or at the account level for a local setup.
   - Create a custom SAML 2.0 application in IAM Identity Center:
     - Go to the IAM Identity Center console.
     - Navigate to Applications > Add a new application > Add a custom SAML 2.0 application.
     - Configure the application with the required details, such as the ACS (Assertion Consumer Service) URL and the Entity ID. These URLs are typically provided by your ALB's listener rule when you configure SAML authentication.
     - Download the AWS SSO metadata file.

2. Configure Amazon Cognito:
   - Create a new Cognito User Pool or use an existing one. You will use this to handle user authentication and federation.
   - Create an Identity Pool if needed for federated identities.
   - Set up Cognito to use IAM Identity Center as an external SAML identity provider:
     - Go to the Cognito console and select your User Pool.
     - Under Federation, select Identity providers > SAML.
     - Add a new SAML identity provider and upload the metadata file from IAM Identity Center.
     - Map the SAML attributes to Cognito attributes as needed.

3. Configure the Application Load Balancer (ALB):
   - Create or update your ALB to enable SAML-based authentication:
     - In the ALB console, under Listeners, select the listener (typically HTTPS).
     - Create a new rule to authenticate users with a SAML-based authentication provider.
     - In the Actions section, select Authenticate > SAML.
     - Provide the details from your IAM Identity Center SAML configuration (ACS URL, Entity ID).
   - Set up the ALB rules to forward authenticated requests to your target group where the Eclipse Theia application is running.

4. Testing and Verification: Once all configurations are in place, test the setup:
   - Access the application through the ALB. You should be redirected to the IAM Identity Center login page for authentication.
   - After successful authentication, the ALB should forward the request to your application.
Thank you for this Thanniru, I'll test and get back with any updates. I also found this guide, which sounds like the ultimate goal of what I'm trying to MVP here: https://aws.amazon.com/blogs/networking-and-content-delivery/aws-verified-access-integration-with-aws-iam-identity-center-and-saml-2-0-identity-providers/ just in case anyone else comes across this thread and finds it useful.

I'm specifically struggling with this stage, as there doesn't seem to be any SAML option...

> Create a new rule to authenticate users with a SAML-based authentication provider. In the Actions section, select Authenticate > SAML. Provide the details from your IAM Identity Center SAML configuration (ACS URL, Entity ID).

There is no option for SAML, only "cognito" or "OIDC", and the OIDC option requests endpoint, token endpoint, client ID and secret, which aren't clearly mapped to the outputs from setting up IAM Identity Center.

Would you have a screenshot?
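The three pieces the answer above describes (a Cognito user pool federated to IAM Identity Center over SAML, an app client for the ALB, and a listener rule that authenticates before forwarding to the Theia target group), as one CloudFormation template. This is an added example written for this thread, not the answerer's configuration and not an AWS-published template. It uses the `authenticate-cognito` listener action, which is the option the reply above reports actually seeing in the ALB console, with Cognito doing the SAML exchange against Identity Center. Every ARN, the hostname, the Cognito domain prefix and the metadata URL are placeholders you would replace; the `email` attribute mapping is an assumption about how the Identity Center SAML application was configured.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: Cognito user pool federated to IAM Identity Center (SAML)
  plus an ALB listener rule that authenticates every request with that pool
  before forwarding to the Eclipse Theia target group. All values are placeholders.

Parameters:
  ListenerArn:
    Type: String
    Description: ARN of the existing HTTPS listener on the ALB (placeholder)
  TargetGroupArn:
    Type: String
    Description: ARN of the target group running Eclipse Theia (placeholder)
  AppHostname:
    Type: String
    Default: theia.example.com
    Description: Hostname users reach the ALB on (assumed value)
  IdentityCenterMetadataUrl:
    Type: String
    Description: SAML metadata URL of the custom SAML 2.0 application in IAM Identity Center (placeholder)
  CognitoDomainPrefix:
    Type: String
    Default: theia-auth-example
    Description: Prefix of the Cognito hosted domain (assumed; must be globally unique)

Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: theia-users
      # No self sign-up: every identity must arrive through the SAML IdP
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true

  UserPoolDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      Domain: !Ref CognitoDomainPrefix
      UserPoolId: !Ref UserPool

  # IAM Identity Center registered as an external SAML identity provider.
  # The values the Identity Center SAML application asks for come from Cognito,
  # not from the ALB:
  #   ACS URL   = https://<CognitoDomainPrefix>.auth.<region>.amazoncognito.com/saml2/idpresponse
  #   Entity ID = urn:amazon:cognito:sp:<UserPoolId>
  IdentityCenterIdP:
    Type: AWS::Cognito::UserPoolIdentityProvider
    Properties:
      UserPoolId: !Ref UserPool
      ProviderName: IAMIdentityCenter
      ProviderType: SAML
      ProviderDetails:
        MetadataURL: !Ref IdentityCenterMetadataUrl
      AttributeMapping:
        # Cognito attribute -> SAML attribute name sent by Identity Center (assumed name)
        email: email

  # App client the ALB uses. The callback path /oauth2/idpresponse is fixed by the ALB.
  AlbClient:
    Type: AWS::Cognito::UserPoolClient
    DependsOn: IdentityCenterIdP
    Properties:
      UserPoolId: !Ref UserPool
      ClientName: alb-theia
      GenerateSecret: true              # the ALB integration requires a client secret
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows:
        - code
      AllowedOAuthScopes:
        - openid
      SupportedIdentityProviders:
        - IAMIdentityCenter             # only the SAML IdP; the local Cognito directory is not offered
      CallbackURLs:
        - !Sub "https://${AppHostname}/oauth2/idpresponse"

  # Authenticate first, forward second. OnUnauthenticatedRequest: authenticate means
  # an anonymous request is redirected to the IdP and never reaches the target group.
  AuthRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref ListenerArn
      Priority: 10
      Conditions:
        - Field: host-header
          HostHeaderConfig:
            Values:
              - !Ref AppHostname
      Actions:
        - Type: authenticate-cognito
          Order: 1
          AuthenticateCognitoConfig:
            UserPoolArn: !GetAtt UserPool.Arn
            UserPoolClientId: !Ref AlbClient
            UserPoolDomain: !Ref CognitoDomainPrefix
            OnUnauthenticatedRequest: authenticate
            Scope: openid
            SessionTimeout: 3600        # seconds; shorter than the 7-day default
        - Type: forward
          Order: 2
          TargetGroupArn: !Ref TargetGroupArn
```

Two checks worth doing after the stack deploys: confirm that an unauthenticated request to the hostname returns a 302 to the Cognito hosted domain rather than the Theia page (which proves the rule's `Order` and `OnUnauthenticatedRequest` are right), and verify in the ALB target group that the Theia instances accept traffic only from the ALB's security group, since the listener rule does not protect a target that is also reachable directly.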