Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Cognito - Auth0 SAML request

0

Hi, I'm using Auth0 as SAML identity provider in conjunction with its Organization feature. I have multiple clients in Cognito and for each client I'd like to pass a different organization query parameter in the login URL. The login URL is in the SAML metadata. So I need to modify it before it's sent out to Auth0.

eg: <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<Auth0-domain>/samlp/<Client_id>?organization=<organization_id>"/>

I'm wondering if it's possible to intercept the request before it goes to Auth0 through a lambda trigger? Or perhaps any other methods?

Please advise, Thanks!

Argomenti
ServerlessComputazionaliSicurezza, identità e conformità
Tag
AWS LambdaAmazon CognitoIdentità federate di Amazon Cognito
Lingua
English
rePost-User-5939308
posta un anno fa341 visualizzazioni
1 Risposta
0
Risposta accettata

I don’t believe you will be able to intercept this with a lambda call.

What you may be able to do is modify the Idp settings before exporting the metadata so that you can modify the URL when it’s imported into aws. However, I have not idea I’d there is an exposed variable in cognito you can even inject into the url.

Could you have a different idp per client?

profile picture
ESPERTO
Gary Mclean
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente