The error can be encountered when the ACS URL of AWS SSO is incorrect on the Identity Provider end. Hence, in order to fix the issue, you need to modify the ACS URL on the IdP end.
To fix the issue, please follow the steps below:
- Find the ACS url from AWS IAM Identity Center.
- You can find this field by navigating to AWS IAM Identity Center >> Settings >> Under Identity Source section click 'Actions' >> Manage Authentication.
- Copy the 'IAM Identity Center Assertion Consumer Service (ACS) URL'
- Open AWS IAM Identity Center application in Okta and put the ACS value under 'Reply URL (Assertion Consumer Service URL)'
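The check described above can also be done offline. This is an added example, not part of the original answer or AWS tooling: it compares the ACS URL in a service provider's SAML metadata with the `Destination` and `Recipient` values in a captured `SAMLResponse`. The URLs, the metadata document, and the `sample_response` helper are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _parse(xml_text):
    # Refuse DTDs so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in SAML documents")
    return ET.fromstring(xml_text)

def sp_acs_urls(metadata_xml):
    """ACS URLs the service provider advertises in its SAML metadata."""
    root = _parse(metadata_xml)
    return [e.get("Location") for e in root.iterfind(".//md:AssertionConsumerService", NS)]

def idp_targets(saml_response_b64):
    """Where the IdP addressed the response: Destination and each Recipient."""
    root = _parse(base64.b64decode(saml_response_b64).decode("utf-8"))
    targets = {"Destination": root.get("Destination")}
    for i, scd in enumerate(root.iterfind(".//saml:SubjectConfirmationData", NS)):
        targets[f"Recipient[{i}]"] = scd.get("Recipient")
    return targets

def acs_mismatches(metadata_xml, saml_response_b64):
    """Return {field: value} for every IdP target that is not an exact ACS match."""
    allowed = set(sp_acs_urls(metadata_xml))
    return {k: v for k, v in idp_targets(saml_response_b64).items() if v not in allowed}

# Constructed sample data (placeholder host and path, not real AWS values).
ACS = "https://sso.example.invalid/saml/acs/PLACEHOLDER"
METADATA = f'''<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:AssertionConsumerService index="0" Location="{ACS}"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:SPSSODescriptor></md:EntityDescriptor>'''

def sample_response(url):
    """Build a minimal, unsigned SAMLResponse addressed to `url` (constructed)."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{url}">'
           '<saml:Assertion><saml:Subject><saml:SubjectConfirmation>'
           f'<saml:SubjectConfirmationData Recipient="{url}"/>'
           '</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

An empty result from `acs_mismatches` means the IdP is posting to the URL the service provider expects; any entry returned names the field still carrying a stale or mistyped value.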
Hello,
From the error it seems the distribution with viewer protocol policy is not configured for HTTP and HTTPS. If the HTTP request is sent to a distribution with Viewer Protocol Policy setting of HTTPS only, then the request can return a 403 error.
Can you please check your settings accordingly and see if HTTP is enabled?
- Open the Amazon CloudFront console.
- Select the distribution that's returning the 403 error.
- Select the Behaviors tab.
- Select the behavior that matches the request. Then, choose Edit.
- For Viewer Protocol Policy, choose either HTTP and HTTPS or Redirect HTTP to HTTPS.
- Note: HTTP and HTTPS allows connections on both HTTP and HTTPS. Redirect HTTP to HTTPS automatically redirects HTTP requests to HTTPS.
- Save Changes.
Hello, thanks for your time, but I don't have CloudFront; this is an Okta SSO, so when I log in to my Okta dashboard and choose to log in to the AWS console from the Okta app, SSO throws this error.
I deleted the Identity Center and Okta app and created both again. It seems there was metadata somewhere which was causing the issue, but the above steps are clearly right, thanks.
Thanks Rishi, if the steps helped, can you please upvote or accept the answer? That will help the community as well.
Thanks, that does seem to make some changes. After making the above changes, the 403 error is gone, but now I am getting:
It's not you, it's us We couldn't complete your request right now. Please try again later.