We are trying to configure OneLogin as a SAML provider for our client app.
We have configured the SAML metadata and provider name in the AWS Cognito User Pool's Identity provider section, by following steps 1 to 6 from these links: https://support.onelogin.com/hc/en-us/articles/201174164 and https://aws.amazon.com/blogs/mobile/amazon-cognito-user-pools-supports-federation-with-saml/.
When we build the URL in the format "https://<domain_prefix>.auth.<region>.amazoncognito.com/login?response_type=token&client_id=<app client id>&redirect_uri=<your redirect URI>" and open it in a browser, we are redirected to the AWS hosted UI, from where we can invoke the SAML provider (in our case OneLogin) login page.
After a successful login the page is supposed to be redirected to the configured callback URL, but it lands on https://signin.aws.amazon.com/saml with a 400 Bad Request error.
Can we use OneLogin as a SAML IdP for a Cognito User Pool as described in https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html?
In summary, we want our OneLogin users to be able to log in to our client app using the AWS SSO feature from the OneLogin SAML connector.
As per the discussion at https://support.onelogin.com/hc/en-us/community/posts/115000432926-Integrate-OneLogin-in-web-app, we configured the SAML Test Connector in the AWS Cognito User Pool. When we open a URL of the format "https://<domain_prefix>.auth.<region>.amazoncognito.com/login?response_type=token&client_id=<app client id>&redirect_uri=<your redirect URI>" in the browser and log in successfully, we are redirected to the redirect URL and then get an error in the query string saying: Error+in+SAML+response+processing:+Invalid+user+attributes:+email:+The+attribute+is+required+&error=server_error
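The second error above means that Cognito could not populate the user pool's required `email` attribute from the SAML assertion that OneLogin sent. The check below is an added example, not code from this post, from OneLogin or from AWS: it parses a SAML response, collects the attribute names in its AttributeStatement, and reports which required user-pool attributes have no mapped, non-empty value. The attribute mapping and the claim URIs are assumptions (the `emailaddress` claim is the conventional URI that the OneLogin parameter for email is often mapped to; check the `Name` values in your own assertion), and the two SAML responses are constructed samples.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Hypothetical Cognito attribute mapping: user-pool attribute -> SAML attribute Name.
# These claim URIs are an assumption; use the Name values your IdP actually sends.
ATTRIBUTE_MAPPING = {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
}
# Attributes the user pool marks as required (email is required in the post's pool).
REQUIRED_ATTRIBUTES = {"email"}


def saml_attributes(response_xml: str) -> dict:
    """Return {AttributeName: [values]} for every Attribute in the response's AttributeStatements."""
    root = ET.fromstring(response_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name")] = values
    return found


def missing_required(response_xml: str, mapping=ATTRIBUTE_MAPPING, required=REQUIRED_ATTRIBUTES) -> list:
    """List required user-pool attributes that are unmapped, absent, or empty in the assertion."""
    attrs = saml_attributes(response_xml)
    missing = []
    for pool_attr in sorted(required):
        saml_name = mapping.get(pool_attr)
        # Unmapped, not sent, or sent with only empty values all lead to the same Cognito error.
        if saml_name is None or not any(attrs.get(saml_name, [])):
            missing.append(pool_attr)
    return missing


def _response(attribute_xml: str) -> str:
    """Build a minimal constructed SAML Response around the given Attribute elements."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0">'
        "<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attribute_xml}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )


# Constructed sample: assertion that carries the mapped email claim.
GOOD_RESPONSE = _response(
    f'<saml:Attribute Name="{ATTRIBUTE_MAPPING["email"]}">'
    "<saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>"
)

# Constructed sample: assertion that only carries a name claim, which is what the
# "email: The attribute is required" error looks like from Cognito's side.
BAD_RESPONSE = _response(
    f'<saml:Attribute Name="{ATTRIBUTE_MAPPING["name"]}">'
    "<saml:AttributeValue>Example User</saml:AttributeValue></saml:Attribute>"
)

if __name__ == "__main__":
    for label, xml in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE)):
        print(label, "missing required attributes:", missing_required(xml))
```

When the check reports `email` as missing for a real assertion (for instance one captured with a browser SAML tracer), either the OneLogin connector is not sending an email parameter, or the Cognito identity provider has no attribute mapping from that claim name to `email`; the mapping is set in the provider's Attribute mapping section in the console, or with the `--attribute-mapping` option of `aws cognito-idp create-identity-provider` / `update-identity-provider`.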