Getting 403 on SSO through identity center

0

Hello Builders,

I am getting the below from Okta SSO for AWS. I can see my users in Identity Center from Okta, I have assigned them the AdministratorAccess permission set, and I can see under the hood it has created an IAM role.

Could anyone guide me on what could be missing?

403 ERROR The request could not be satisfied. This distribution is not configured to allow the HTTP request method that was used for this request. The distribution supports only cachable requests. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

Generated by cloudfront (CloudFront) Request ID: KJRxmtyoghlO6tfelFHmqiOQgtlrnHcyGy1eSfwL9NAxPzDwOwV1Jg==

Rishi
Asked 8 months ago, 535 views
2 answers
1
Accepted answer

This error can occur when the ACS URL of AWS SSO is incorrect on the Identity Provider end. Hence, to fix the issue you need to modify the ACS URL on the IdP end.

To fix the issue, please follow the steps below:

  1. Find the ACS URL in AWS IAM Identity Center.
  • You can find this field by navigating to AWS IAM Identity Center >> Settings >> under the Identity Source section click 'Actions' >> Manage Authentication.
  • Copy the 'IAM Identity Center Assertion Consumer Service (ACS) URL'.

https://catalog.workshops.aws/iam-identity-center/en-US/workshop/4-extracredits/4-externalidp-okta#configurechange-the-identity-source-in-identity-center

  2. Open the AWS IAM Identity Center application in Okta and put the ACS value under 'Reply URL (Assertion Consumer Service URL)'.

https://catalog.workshops.aws/iam-identity-center/en-US/workshop/4-extracredits/4-externalidp-okta#configure-okta-iam-identity-center-sign-on-configuration

AWS
Answered 8 months ago
  • Thanks, that does seem to make some changes. After making the above changes the 403 error is gone, but now I am getting:

    It's not you, it's us We couldn't complete your request right now. Please try again later.
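The accepted answer comes down to one check: the Reply URL configured on the Okta side must be byte-for-byte the ACS URL that Identity Center publishes, and every SAML Response the IdP sends must be addressed to that URL. The script below is an added illustration, not code from the answer or from AWS or Okta; the SP metadata, the ACS id, the region and the SAML Responses in it are constructed placeholders in the shape Identity Center uses.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata in the shape IAM Identity Center publishes;
# the region, instance id and ACS id are placeholders, not real values.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://us-east-1.signin.aws.amazon.com/platform/saml/d-EXAMPLE">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://us-east-1.signin.aws.amazon.com/platform/saml/acs/ACS-ID-PLACEHOLDER"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _response(destination: str) -> str:
    # Constructed minimal SAML Response carrying only the Destination attribute.
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'ID="_constructed" Version="2.0" Destination="{destination}"/>')


GOOD_RESPONSE = _response(
    "https://us-east-1.signin.aws.amazon.com/platform/saml/acs/ACS-ID-PLACEHOLDER")
BAD_RESPONSE = _response(  # addressed to the entityID, the classic copy-paste slip
    "https://us-east-1.signin.aws.amazon.com/platform/saml/d-EXAMPLE")


def acs_url(sp_metadata_xml: str) -> str:
    """Return the HTTP-POST AssertionConsumerService Location from SP metadata."""
    root = ET.fromstring(sp_metadata_xml)
    for acs in root.iterfind(".//md:AssertionConsumerService", NS):
        if acs.get("Binding", "").endswith("HTTP-POST"):
            return acs.get("Location")
    raise ValueError("no HTTP-POST AssertionConsumerService in SP metadata")


def idp_reply_url_matches(sp_metadata_xml: str, idp_reply_url: str) -> bool:
    """True only if the IdP's configured Reply URL equals the SP's ACS URL exactly."""
    return idp_reply_url.strip() == acs_url(sp_metadata_xml)


def response_destination_matches(saml_response_xml: str, sp_metadata_xml: str) -> bool:
    """True if a captured SAML Response's Destination equals the ACS URL."""
    root = ET.fromstring(saml_response_xml)
    return root.get("Destination") == acs_url(sp_metadata_xml)


if __name__ == "__main__":
    print("ACS URL:", acs_url(SP_METADATA))
    print("good response:", response_destination_matches(GOOD_RESPONSE, SP_METADATA))
    print("bad response:", response_destination_matches(BAD_RESPONSE, SP_METADATA))
```

Feed `acs_url` the metadata downloaded from Identity Center and `response_destination_matches` a decoded SAMLResponse captured from the browser to see which side of the exchange disagrees.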

0

Hello,

From the error it seems the distribution's viewer protocol policy is not configured for HTTP and HTTPS. If an HTTP request is sent to a distribution with a Viewer Protocol Policy setting of HTTPS Only, the request can return a 403 error.

Can you please check your settings accordingly and see if HTTP is enabled?

Open the Amazon CloudFront console.

  1. Select the distribution that's returning the 403 error.
  2. Select the Behaviors tab.
  3. Select the behavior that matches the request. Then, choose Edit.
  4. For Viewer Protocol Policy, choose either HTTP and HTTPS or Redirect HTTP to HTTPS.
  • Note: HTTP and HTTPS allows connections on both HTTP and HTTPS. Redirect HTTP to HTTPS automatically redirects HTTP requests to HTTPS.
  5. Save Changes.
AWS
Answered 8 months ago
  • Hello, thanks for your time, but I don't have CloudFront; this is an Okta SSO. When I log in to my Okta dashboard and choose to log in to the AWS console from the Okta app, SSO throws this error.

  • I deleted the Identity Center and the Okta app and created both again; it seems there was metadata somewhere which was causing the issue, but the above steps are clearly right, thanks.

  • Thanks Rishi, if the steps helped can you please upvote or accept the answer? That will help the community as well.
