Cognito does not pass 'login_hint' to Federated SAML Identity Provider

On my initial request to https://(my domain).auth.(region).amazoncognito.com/oauth2/authorize I can see that the login_hint parameter is present on the query string. That value is unfortunately not present on the redirect to the SAML2 endpoint.

The result of this is that users must enter their e-mail address first on our site, and then a second time at their identity provider.

How do I specify this value on the /authorize request in such a way that it will be passed through?

Priyank
8 個月前
I have similar situation and facing same issue. Did you find any solution?

主題

安全性、身分識別與合規

標籤

Amazon Cognito Amazon Cognito Federated Identities

語言

English

gavinNBS

已提問 2 年前檢視次數 621 次

1 個回答

最新
最多得票
最多評論

這些答案是否有幫助？支持正確答案，以幫助社區從您的知識中受益。

You can add it directly in your SAML metadata. eg <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<domain>/saml2?login_hint=<login_hint>"/>

rePost-User-5939308

已回答 1 年前

Priyank
8 個月前
That won't work because parameter needs to be passthrough from /authorize request to SAML request. do you have any other option?

Cognito does not pass 'login_hint' to Federated SAML Identity Provider

相關內容