Using AWS Managed AD as an OAuth/SSO provider for non AWS apps?
Is it possible to use AWS Managed AD as an OAuth/SSO provider for external applications? I've read all about using it to enable SSO to the AWS console and specific apps with AWS but I'd like to use it for authenticating in a non-AWS web app.
In this case, it would be for applications actually running within ec2 instances within the network, nothing leaving AWS.
Our AWS Managed AD is our only AD, nothing hybrid or or on-prem.
And yes, I see you AWS Cognito -- trying use what I already have rather than add another service.
- 最新
- 投票最多
- 评论最多
Unfortunately, I am worried to convey that No, it is not possible to use AWS Managed AD as an OAuth/SSO provider for external applications. The AWS managed AD only support NTLM and Kerberos authentication, if there is a requirement to integrate OAuth/SSO solution, you must use AWS SSO(Identity Center) or deploy ADFS server.
Moreover, AWS Managed AD doesn’t have public IP address, so it cannot provide internet facing authentication.
Lastly, I have shared below blog link that clearly explains how kerberos works.
[+] Everything you wanted to know about trusts with AWS Managed Microsoft AD https://aws.amazon.com/blogs/security/everything-you-wanted-to-know-about-trusts-with-aws-managed-microsoft-ad/
I hope the above information is helpful.
相关内容
AWS 官方已更新 1 年前- AWS 官方已更新 1 年前
- AWS 官方已更新 3 年前
I guessed this was the case. The public IP address isn't an issue as all of the accessing resources are within the account (and aws networks) . I'll have to look into azure AD and federation I suppose.