I have confirmed the metadata loaded for the integration specifies ``` ``` However, the generated AuthnRequest from cognito is not signed.

How to get Cognito SAML integration to sign AuthnRequest?

I have confirmed the metadata loaded for the integration specifies

<md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

However, the generated AuthnRequest from cognito is not signed.

主题

安全、身份和合规性

标签

Amazon Cognito

语言

English

jarky

已提问 2 年前1158 查看次数

1 回答

最新
投票最多
评论最多

已接受的回答

Hi,

Cognito doesn't support AuthnRequest signing at this time. The assertion consumer endpoint for Cognito user pool doesn't change for the user pool (unless you change the user pool domain), so is the SP entity Id. These values must be per-configured in the IdP and usually if the AuthnRequest has any different values the request will be rejected by the IdP.

More details on federating to SAML IdP from Cognito user pool.

专家

Mahmoud Matouk

已回答 2 年前

13ogrammer
2 年前
Hi Mahmoud, Is "AuthnRequest signing" in the Cognito User Pool roadmap? If yes, when is it likely to be released?

Cheers!

How to get Cognito SAML integration to sign AuthnRequest?

相关内容