1 個回答
- 最新
- 最多得票
- 最多評論
0
Hi,
It is not possible to intercept or access the original SAML response that Azure AD sends to Cognito idpresponse endpoint. This SAML response is validated by Cognito and attributes in the assertion are mapped to cognito attributes as you configured them. Is it possible to send this oauth2 token as an attribute inside the SAML assertion and map it to a custom attribute in Cognito?
相關內容
- AWS 官方已更新 3 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 6 個月前
Thanks for confirming that the SAML response that Azure AD sends to Cognito idpresponse endpoint cannot be intercepted. Just was looking through the Azure AD SAML attribute mappings but it does not list either the idToken or accessToken that can be mapped as an attribute. We can choose from the attributes like first name, last name and so on individually but cannot have the token itself as an attribute in the SAML mapping. As you mentioned above, in case that was possible, it would be then mapping that as a custom attribute in Cognito