I used the following reference URLs to configure AWS SSO for our application, but I'm getting the following error from AWS: "Your request included an invalid SAML response. To logout, click here".

https://simplesamlphp.org/docs/stable/simplesamlphp-install
https://simplesamlphp.org/docs/stable/simplesamlphp-idp
http://www.ipragmatech.com/aws-sso-saml2-simplesamlphp/
https://vlasenko.org/2015/04/05/howto-register-aws-saml-metadata-in-simplesamlphp/

But I don't know what I am missing in the SimpleSAMLphp configuration.

Please help me to solve this issue.

sk2

1 Answer


The Amazon AWS troubleshooting guide suggests checking that the SAML response has an attribute with name https://aws.amazon.com/SAML/Attributes/Role with an attribute value of the ARN of a role or ARN of the SAML provider.

You can use this Chrome plugin to view the content of your SAML response.

See the guide for more info.

Stefan Rasmusson
  • Yes, the SAML response is coming with the "Name" attribute, but how can I avoid the "Name" attribute in the config file? 10 => array( 'class' => 'core:AttributeAdd', 'https://aws.amazon.com/SAML/Attributes/Role' => array('arn:aws:iam::arn:aws:iam:::role/,arn:aws:iam:::saml-provider/') ), 20 => array( 'class' => 'core:AttributeCopy', 'uid' => 'https://aws.amazon.com/SAML/Attributes/RoleSessionName', ), – sk2 Sep 27 '16 at 13:23
  • Why would you want to avoid it? – Stefan Rasmusson Sep 29 '16 at 08:30
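
The check the answer describes can also be run without a browser plugin. The following is an added example, not part of the original thread: it decodes the base64 `SAMLResponse` form value the IdP posts to AWS and reports whether the Role and RoleSessionName attributes are present and well formed. Assumptions: each Role value is a comma-separated role ARN and SAML provider ARN with a 12-digit account ID (the shape of the asker's config); the function names, the sample response and the account ID 123456789012 are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
# Assumption: account IDs are 12 digits and each Role value pairs both ARNs.
ROLE_ARN = re.compile(r"arn:aws[a-z-]*:iam::\d{12}:role/\S+")
PROVIDER_ARN = re.compile(r"arn:aws[a-z-]*:iam::\d{12}:saml-provider/\S+")

def attribute_values(b64_response):
    """Map each Attribute's Name to its values (diagnostic only: no signature check)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    found = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def check_aws_attributes(b64_response):
    """Return a list of problems; an empty list means both attributes look usable."""
    attrs = attribute_values(b64_response)
    problems = []
    if not attrs.get(ROLE):
        problems.append("missing attribute " + ROLE)
    for value in attrs.get(ROLE, []):
        parts = [p.strip() for p in value.split(",")]
        if not (len(parts) == 2
                and any(ROLE_ARN.fullmatch(p) for p in parts)
                and any(PROVIDER_ARN.fullmatch(p) for p in parts)):
            problems.append("malformed Role value: " + value)
    if not any(attrs.get(SESSION, [])):
        problems.append("missing attribute " + SESSION)
    return problems

def sample_response(role_value):
    """Constructed, unsigned response for the demo (not real IdP output)."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:AttributeStatement><saml:Attribute Name="{ROLE}">'
           f'<saml:AttributeValue>{role_value}</saml:AttributeValue></saml:Attribute>'
           f'<saml:Attribute Name="{SESSION}"><saml:AttributeValue>alice'
           '</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_aws_attributes(sample_response("arn:aws:iam::123456789012:role/Demo")))
```

The script only inspects attributes in a cleartext assertion; it does not validate the signature, audience or timestamps, which AWS also checks.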