1 Answer
Hi,
It is not possible to intercept or access the original SAML response that Azure AD sends to the Cognito idpresponse endpoint. This SAML response is validated by Cognito, and the attributes in the assertion are mapped to Cognito attributes as you configured them. Is it possible to send this OAuth2 token as an attribute inside the SAML assertion and map it to a custom attribute in Cognito?
Thanks for confirming that the SAML response that Azure AD sends to the Cognito idpresponse endpoint cannot be intercepted. I was just looking through the Azure AD SAML attribute mappings, but it does not list either the idToken or the accessToken as something that can be mapped as an attribute. We can choose from attributes like first name, last name and so on individually, but cannot have the token itself as an attribute in the SAML mapping. As you mentioned above, if that were possible, it would then be a matter of mapping it to a custom attribute in Cognito.
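The mechanism both posts rely on, as an added example that is not part of the re:Post thread and not AWS code: a small simulation of what Cognito does after it has validated the SAML response, reading the assertion's AttributeStatement and writing values into user-pool attributes according to a configured attribute mapping (the mapping shape `cognito_attribute -> SAML attribute Name` mirrors the one Cognito's SAML provider configuration takes). The sample assertion fragment, the claim URIs used as mapping targets and the `custom:idp_token` attribute are constructed for illustration; Azure AD exposes no such token claim, which is the follow-up's point. The 2048-character limit is Cognito's maximum length for a string attribute value, which matters because a typical JWT can exceed it even if an IdP could emit one as a claim; and any value that lands in a readable custom attribute is later surfaced as a claim in the user's ID token, so a bearer token stored that way would be exposed to the client.

```python
"""Simulate Cognito's SAML attribute mapping (added example, not AWS code)."""
import xml.etree.ElementTree as ET  # for real, untrusted assertions prefer defusedxml

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Cognito's maximum length for a string attribute value in a user pool schema.
COGNITO_MAX_ATTR_LEN = 2048

# Constructed sample: the AttributeStatement part of an already-validated assertion.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical mapping in Cognito's shape: {Cognito attribute: SAML attribute Name}.
# "custom:idp_token" must already exist in the user pool schema; the claim URI is
# invented here and, as the thread notes, Azure AD offers no such token claim.
ATTRIBUTE_MAPPING = {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "custom:idp_token": "http://example.com/claims/idp_token",
}


def extract_saml_attributes(assertion_xml):
    """Return {SAML attribute Name: first AttributeValue} from an assertion.

    Multi-valued attributes are simplified to their first value here.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        if values:
            attrs[attr.get("Name")] = values[0]
    return attrs


def map_to_cognito(saml_attrs, mapping):
    """Apply the configured mapping the way Cognito does after validation.

    Returns (mapped attributes, mapping targets the IdP never sent). A mapped
    value longer than the schema limit is rejected rather than truncated.
    """
    mapped, missing = {}, []
    for cognito_name, saml_name in mapping.items():
        if saml_name not in saml_attrs:
            missing.append(cognito_name)  # nothing to write; Cognito leaves it unset
            continue
        value = saml_attrs[saml_name]
        if len(value) > COGNITO_MAX_ATTR_LEN:
            raise ValueError(
                f"{cognito_name}: value of {len(value)} chars exceeds "
                f"{COGNITO_MAX_ATTR_LEN}-char attribute limit"
            )
        mapped[cognito_name] = value
    return mapped, missing


if __name__ == "__main__":
    attrs = extract_saml_attributes(SAMPLE_ASSERTION)
    mapped, missing = map_to_cognito(attrs, ATTRIBUTE_MAPPING)
    print("mapped:", mapped)
    print("not supplied by IdP:", missing)
```

Running it shows `email` and `given_name` populated while `custom:idp_token` is simply absent, which is exactly the situation in the thread: Cognito can only map what the IdP places in the assertion, and the Azure AD claim list contains no token claim to point the mapping at.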