Implementing SAML-Based Login and API Authorization with API Gateway, Lambda Authorizer, and Microsoft IDP

1

I'm currently working on implementing SAML-based login and API request authorization using AWS API Gateway, Lambda Authorizer, and a Microsoft Identity Provider (IDP). The architecture I'm following involves several steps (refer image below), and I'm seeking clarification on two specific points:

1. Receiving the SAML Token on My Page (Step 3): I'm unclear about how my web page should receive the SAML token. What is the recommended approach for obtaining the SAML token after a successful login? Are there specific API endpoints or protocols involved in this step?

2. Lambda Authorizing the Token with the IDP (Step 6): I'm also seeking guidance on how the Lambda Authorizer should handle the authorization process with the Microsoft IDP. What steps should the Lambda function take to validate and authorize the received SAML token against the IDP?

Any insights, code snippets, or references to relevant documentation would be greatly appreciated. I'm looking forward to a clearer understanding of these specific steps in the SAML-based login and authorization process.

 architecture

1 Answer
0
Accepted Answer

You could look at following articles: https://repost.aws/knowledge-center/cognito-third-party-saml-idp which rely on cognito

profile picture
EXPERT
answered 4 months ago
profile picture
EXPERT
reviewed 16 days ago
  • Thanks for the suggestion! I appreciate your input and will definitely check it out.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions