Cognito with Load Balancer

Question

I'm trying to make the Cognito SSO. I'm already implemented it with Apache Server and it works ! Now I'm trying to do it without Apache, but with Load Balancer which redirect me to the Cognito Authentification. The authentification works, but next I need to do the similar thing to 
> RequestHeader set CAS-User something

Is it possible to do it with Load Balancer or maybe with Lambda Function or another method ?... This header is required by my application.

I was searching for CloudFront and LambdaEdge solution, but still can not understand how to get OIDC_Claim from Cognito after a authentification and then set with it my header...

Answer

Hi,

the OIDC claims (and Access Token ) are only available to backends of Application Load Balancer cause it is Application Load Balancer that acts as the OAuth2 client in this case and receives the JWTs from Cognito.

Adding a CloudFront and Lambda@Edge won't work as they are before the Application Load Balancer.

Can add a Lambda function or an API Gateway as the backend of the Application Load balancer to provide the Header as needed and proxify access to your Apache server.

Jeff

Cognito with Load Balancer

相关内容