This application is not available for your directory

0

I have Identity Center SSO connected to my external identity provider (Shibboleth) and it seems to be working. But, on redirect, it often - but not always - fails.

Am I supposed to be able to go to https://myssoname/awaspps.com/console to get directly to the console? There's no way to add the "console" to the list of SSO "Applications" so I think it's just implied. I set SSO up in multi-account access to enable the SSO and it works sometimes but not others, without me changing anything. I am perplexed. What it says is:

"This application is not available for your directory." I googled this but it was telling me all about Active Directory.

wz2b
asked a year ago, 248 views
1 Answer
0

Hello,

I hope you're doing well.

Thank you for reaching out to us with your concern.

I understand that you have a few queries related to the integration of an external IdP (Shibboleth) with Identity Center users. I am answering the queries below:

Q: Am I supposed to be able to go to https://myssoname/awaspps.com/console to get directly to the console?

The mentioned one is the AWS SSO URL. Sign in using your standard company user name and password. Once signed in, you can access any AWS account and application that appears in the portal. Simply choose an icon.

To know more about the AWS access portal, I would request you to go through the AWS documentation: https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html

The error we can see here is "This application is not available for your directory". This error is mostly related to your directory, which here is the external identity provider. To troubleshoot the issue further, we require more information about the existing setup that you're currently using and also the SAML assertion.

Hence, I would request that you raise a support case, where we can deep dive into the resources to find out the actual root cause.

Thank you! Have a wonderful day!

References:

[1] Supported identity providers: https://docs.aws.amazon.com/singlesignon/latest/userguide/supported-idps.html

[2] Other identity providers: https://docs.aws.amazon.com/singlesignon/latest/userguide/other-idps.html

AWS
answered a year ago
  • I want to do that. The trouble is I have two AWS accounts - one is mine personally, the other is not. I paid for AWS support on my personal one, but the trouble I'm having is on the other one so I didn't think I could put in a support request. That's why I have been trying to figure it out on my own.

    One thing I noticed in the docs and by testing is that AWS seems to only support a NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress but the server I have is Shibboleth and I think it's only SAML 2.0 so I'm wondering if THAT is the problem.
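
Added example, not part of the original thread: the answer asks for the SAML assertion and the comment suspects the NameID format, so this Python script decodes a base64 `SAMLResponse` form value (for instance, copied from the browser's network tab during a failing login) and reports the NameID format the IdP actually sent. The function names and the sample response are constructed for illustration; the script does no signature validation and is for diagnosis only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Format named in the comment above; this URN is also a valid identifier in SAML 2.0.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def inspect_saml_response(b64_response):
    """Decode a SAMLResponse value and summarise the NameID-related fields."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml)
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    return {
        "destination": root.get("Destination"),
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        "name_id": None if name_id is None else (name_id.text or "").strip(),
        "name_id_format": None if name_id is None else name_id.get("Format"),
    }

def findings(info, expected_format=EMAIL_FORMAT):
    """Return a list of human-readable problems found in the summary."""
    if info["encrypted"]:
        return ["assertion is encrypted; NameID cannot be inspected here"]
    if info["name_id"] is None:
        return ["no NameID in the assertion subject"]
    out = []
    if info["name_id_format"] != expected_format:
        out.append(f"NameID Format is {info['name_id_format']}, expected {expected_format}")
    if "@" not in info["name_id"]:
        out.append("NameID value does not look like an email address")
    return out

# Constructed sample (not from the page): every value below is a placeholder.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example.com/acs">
 <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
 <saml:Assertion><saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID>
 </saml:Subject></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for problem in findings(inspect_saml_response(SAMPLE_B64)):
        print(problem)
```

Comparing the output of a successful login with a failing one shows whether the IdP is releasing a different NameID format or value between attempts.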
