Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Cognito does not pass 'login_hint' to Federated SAML Identity Provider

3

On my initial request to https://(my domain).auth.(region).amazoncognito.com/oauth2/authorize I can see that the login_hint parameter is present on the query string. That value is unfortunately not present on the redirect to the SAML2 endpoint.

The result of this is that users must enter their e-mail address first on our site, and then a second time at their identity provider.

How do I specify this value on the /authorize request in such a way that it will be passed through?

  • Priyank
    2 years ago

    I have similar situation and facing same issue. Did you find any solution?

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito Federated IdentitiesAmazon Cognito
Language
English
asked 4 years ago1.1K views
1 Answer
0

You can add it directly in your SAML metadata. eg <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<domain>/saml2?login_hint=<login_hint>"/>

answered 3 years ago
  • Priyank
    2 years ago

    That won't work because parameter needs to be passthrough from /authorize request to SAML request. do you have any other option?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content