
AWS CloudFormation Cognito Identity Provider (SAML)

I am trying to create a Cognito Identity Provider with the help of the documentation at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html . Here is a sample snippet, where FederationMetadata.xml is in the same folder as the CF template definition.

AWSTemplateFormatVersion: 2010-09-09
Description: Identity Provider

Resources: 
  CognitoUserPoolAIdProvider:
    Type: "AWS::Cognito::UserPoolIdentityProvider"
    Properties:
      AttributeMapping:
        email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      IdpIdentifiers: []
      ProviderDetails:
        IDPSignout: 'false'
        MetadataFile: './FederationMetadata.xml'
        SLORedirectBindingURI: https://<IP of ADFS>/adfs/ls/
        SSORedirectBindingURI: https://<IP of ADFS>/adfs/ls/
      ProviderName: MyIdProvider
      ProviderType: SAML
      UserPoolId: us_abcdef123

Upon trying to run it, I get this error:

Invalid XML (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: c047641b-7c69-4944-b4e4-e110cf8c2605)

I see that the file contents are not provided during run-time:

{
    "ProviderName": "MyIdProvider",
    "UserPoolId": "us_abcdef123",
    "AttributeMapping": {
        "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    },
    "ProviderDetails": {
        "MetadataFile": "./FederationMetadata.xml",
        "SSORedirectBindingURI": "https://<IP>/adfs/ls/",
        "IDPSignout": "false",
        "SLORedirectBindingURI": "https://<IP>/adfs/ls/"
    },
    "ProviderType": "SAML",
    "IdpIdentifiers": []
}

Question: How should I be referring to the FederationMetadata.xml file within the CF template? In addition, pasting the contents of the XML file works fine, but I want to externalize the metadata contents into a file entirely.

The input to MetadataFile is the contents of the XML, not the file path. So you have some alternatives:

  1. Switch to MetadataURL, which accepts a public URL to the metadata file.

  2. Or, if you use the AWS CLI for CFN deployment, you can make MetadataFile a CFN parameter and pass the XML contents from the deploy script, for example:

    # read the metadata content into a shell variable
    metadata=$(cat FederationMetadata.xml)

    # the value must stay one quoted argument so the XML is not split on whitespace
    aws cloudformation deploy --stack-name YOUR_STACK --template-file template.yaml --parameter-overrides MetadataFile="${metadata}"

Your CFN template would then use: MetadataFile: !Ref MetadataFile
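The following deploy script is an added example written for this answer, not code from the answerer or from AWS. It implements the second alternative with two pre-flight checks a practitioner would want: that the value about to be sent is SAML IdP metadata content rather than a path string (the exact failure behind the "Invalid XML" error in the question), and that it fits within CloudFormation's documented maximum size for a single parameter value (4,096 bytes), since a full ADFS FederationMetadata.xml often exceeds that and then MetadataURL is the only option. It assumes a template file (template.yaml, a placeholder name) that declares a String parameter named MetadataFile and wires it in with MetadataFile: !Ref MetadataFile; the sample metadata embedded below is constructed for the example and is not real IdP output.

```shell
#!/bin/sh
# Added example: validate SAML IdP metadata before passing it to
# CloudFormation as the MetadataFile parameter, then deploy.
# Assumptions: template.yaml (placeholder) declares Parameters.MetadataFile
# (Type: String) and references it with `!Ref MetadataFile`.
set -eu

# Documented CloudFormation limit for one parameter value, in bytes.
CFN_PARAM_MAX_BYTES=4096

# Constructed sample of what IdP metadata content looks like (not real data).
SAMPLE_METADATA='<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...constructed-placeholder...</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>'

# Returns 0 when "$1" looks like SAML IdP metadata *content*, 1 otherwise.
# A path such as ./FederationMetadata.xml fails the very first check.
check_metadata_content() {
  content="$1"
  compact=$(printf '%s' "$content" | tr -d '[:space:]')
  case "$compact" in
    "<"*) ;;   # XML content must begin with a tag
    *) printf 'not XML content (a file path?): %.60s\n' "$content" >&2; return 1 ;;
  esac
  case "$compact" in
    *EntityDescriptor*) ;;
    *) echo "missing EntityDescriptor root element" >&2; return 1 ;;
  esac
  case "$compact" in
    *IDPSSODescriptor*) ;;
    *) echo "no IDPSSODescriptor: this is not IdP metadata" >&2; return 1 ;;
  esac
  case "$compact" in
    *X509Certificate*) ;;
    *) echo "no signing certificate: Cognito could not verify assertions" >&2; return 1 ;;
  esac
  return 0
}

# Returns 0 when "$1" fits in a single CloudFormation parameter value.
check_parameter_size() {
  size=$(printf '%s' "$1" | wc -c | tr -d ' ')
  [ "$size" -le "$CFN_PARAM_MAX_BYTES" ]
}

# Usage: sh deploy-idp.sh STACK_NAME template.yaml FederationMetadata.xml
# The deploy only runs when all three arguments are supplied.
if [ "$#" -eq 3 ]; then
  metadata=$(cat "$3")
  check_metadata_content "$metadata"
  check_parameter_size "$metadata" || {
    echo "metadata exceeds $CFN_PARAM_MAX_BYTES bytes; use MetadataURL instead" >&2
    exit 1
  }
  # One quoted argument keeps the multi-line XML intact.
  aws cloudformation deploy --stack-name "$1" --template-file "$2" \
    --parameter-overrides "MetadataFile=$metadata"
fi
```

Run it with no arguments to load the functions and sample only; with the three arguments it performs the checks and then the deploy. Keeping the validation separate from the aws call means a rejected value never reaches the Cognito API, which gives a clearer error than the service's generic InvalidParameterException.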
