SAML IdP - AWS Cognito/IAM as an Identity Provider
I know services such as Auth0 can act as both SAML IdPs and integrate with third party IdPs. It would seem that Cognito can only integrate with other third party IdPs as a service provider, it can actually perform the role of an IdP.
The use case is we have our apps creating users in Cognito. We'd like to use a third party application which can integrate with a SAML IdP to support SSO. Is this possible with Cognito or would we need to use something like Auth0?
Currently, Cognito is an OIDC IdP and not a SAML IdP. If an application supports OIDC, you can use Cognito to connect to that.
We have recently released in public beta a new feature that allows you to federate identity from another SAML IdP. Here's the blog entry: https://aws.amazon.com/blogs/mobile/amazon-cognito-user-pools-supports-federation-with-saml/
We will consider your request for future releases.
A Cognito user pool by itself is not an SAML provider yet. But if you would like to use a Cognito user pool, and also use it as a SAML provider, you'll have to allow users to sign in through a real external SAML federated identity provider, such as AWS SSO, by integrating Cognito user pool with the external SAML IdP:
And your app should not directly add a user to the Cognito user pool, but you will need to add users to your external SAML IdP, such as AWS SSO. During the sign-in process, Cognito will automatically add the external user to your user pool.
(See https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp-authentication.html)