Cognito does not pass 'login_hint' to Federated SAML Identity Provider

On my initial request to https://(my domain).auth.(region).amazoncognito.com/oauth2/authorize I can see that the login_hint parameter is present on the query string. That value is unfortunately not present on the redirect to the SAML2 endpoint.

The result of this is that users must enter their e-mail address first on our site, and then a second time at their identity provider.

How do I specify this value on the /authorize request in such a way that it will be passed through?

Priyank
8 个月前
I have similar situation and facing same issue. Did you find any solution?

主题

安全、身份和合规性

标签

Amazon Cognito 亚马逊 Cognito 联合身份

语言

English

gavinNBS

已提问 2 年前621 查看次数

1 回答

最新
投票最多
评论最多

这些答案有用吗？为正确答案投票，以帮助社区从您的知识中受益。

You can add it directly in your SAML metadata. eg <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<domain>/saml2?login_hint=<login_hint>"/>

rePost-User-5939308

已回答 1 年前

Priyank
8 个月前
That won't work because parameter needs to be passthrough from /authorize request to SAML request. do you have any other option?

Cognito does not pass 'login_hint' to Federated SAML Identity Provider

相关内容