使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

How to get Cognito SAML integration to sign AuthnRequest?

0

I have confirmed the metadata loaded for the integration specifies

<md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

However, the generated AuthnRequest from cognito is not signed.

主題
安全性、身分識別與合規
標籤
Amazon Cognito
語言
English
jarky
已提問 2 年前檢視次數 1158 次
1 個回答
1
已接受的答案

Hi,

Cognito doesn't support AuthnRequest signing at this time. The assertion consumer endpoint for Cognito user pool doesn't change for the user pool (unless you change the user pool domain), so is the SP entity Id. These values must be per-configured in the IdP and usually if the AuthnRequest has any different values the request will be rejected by the IdP.

More details on federating to SAML IdP from Cognito user pool.

AWS
專家
Mahmoud Matouk
已回答 2 年前
  • 13ogrammer
    2 年前

    Hi Mahmoud, Is "AuthnRequest signing" in the Cognito User Pool roadmap? If yes, when is it likely to be released?

    Cheers!

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容