Support Center


Support AWS Cognito via SAML

Micah Flatt May 21, 2018 07:21AM MDT

The generic SAML connector does not provide any user-specific attributes, which are required for using SAML with AWS Cognito. Cognito relies on attributes as a map of information from the SAML token to the OIDC token it generates.

There are several reasons we want to use Cognito:
1. It is a better use for end user login, but integration with the Directory service allows internal users to keep their credentials in one place.
2. Elasticsearch now allows Cognito to be used for authentication to its built-in Kibana.
3. Allows for testing of additional SAML connections with Cognito.

At the very least, I need the email address attribute passed through. First and last name would also be nice, but not required. Documentation will probably be needed to let users know what attributes are being sent, but decoding the SAML token is easy enough to see attributes.

This question has received the maximum number of answers.
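The attribute check mentioned in the post, as an added example that is not part of the original post or of any vendor's code: it decodes a base64 `SAMLResponse` and reports which attributes the assertion carries and which required ones are missing. The sample response and the attribute names `email` and `firstname` are constructed for illustration; the names a real identity provider sends may differ.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample response (hypothetical user and attribute names).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="firstname">
        <saml:AttributeValue>Jane</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def list_attributes(saml_response_b64):
    """Return {name: [values]} from a base64 SAMLResponse (HTTP-POST binding).

    Inspection only: this does not verify the XML signature, so the result
    must never be used to make an authentication decision.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages carry no DTD; reject one instead of letting the parser expand it.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration found in SAML response")
    root = ET.fromstring(xml_bytes)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def missing_attributes(attrs, required):
    """Names from `required` that are absent or have only empty values."""
    return [name for name in required if not any(attrs.get(name, []))]


if __name__ == "__main__":
    found = list_attributes(base64.b64encode(SAMPLE_XML.encode()))
    print("attributes:", found)
    print("missing:", missing_attributes(found, ["email", "lastname"]))
```

A response with a `NameID` but no `AttributeStatement`, which is the situation the post describes, yields an empty map and `email` is reported as missing.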
