By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Determining the identity provider for SAML IdPs using a query parameter

0

I have a user pool with multiple SAML IdPs set up. I don't want my SSO customers to have to choose which IdP to use, as this would expose our customer list. I understand I can route the users to the appropriate IdP using an Identifier (email domain), but I would prefer to route this automatically based on sending a query parameter to the login page. The AWS documentation suggests this should be possible

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp-authentication.html
"Alternatively, if your app gathered information before directing the user to your user pool, it can provide that information to Amazon Cognito through a query parameter."

but the documentation doesn't specify what this query parameter is called. I have tried a number of options, like 'provider' or 'IdPprovider', but none seem to work. Does this feature work? If so, what is the name of the query parameter I should use?

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito
Language
English
andrewmcdonough
asked 3 years ago425 views
2 Answers
0

You can pass it on the (Authorize)https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html endpoint using either identity_provider or idp_identifier parameters.

cfbarbero1
answered 3 years ago
0

Thanks @cfbarbero1. This was the solution I was looking for.

andrewmcdonough
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content