I am using AWS Cognito for my user authentication.

What is the actual use of the SigningCertificate in AWS Cognito?

We can get the SigningCertificate of AWS Cognito using the GetSigningCertificate API.

We pass the UserPoolID to the API and it gives us some encrypted data.

Sample output of SigningCertificate (Just dummy data):

ASKJDHKAJSHDKJASHDKASHDKLAHLKSJDHKJASHDKASHKJDHALK2s3UTJGVHRiTTAeFw0xODA1MDMxMjE0NTlaFw0yODA1MDMxMjE0NTlaMB4xHDAaBgNVBAMME3VzLXdlc3QtMl9rN1EyRlR0Yk0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj2aobYwWkzAQaIocV5IVblGKjDS30Iid5h0b9w8z309LcPcj6xCqTW9D0LYih7XpE6H7skaxymNhi7ITiJun+tC+JpuVb54pKFLwkiArRlqHK2rlI5+4NJQ5NzaEGGmilPU/ASASDJLKASjoaisdfosdf=

Jayesh Dhandha

1 Answer


Amazon Cognito has 'Enable IdP sign out flow' when you want your user to be logged out from a SAML IdP when logging out from Amazon Cognito.

Enabling this flow sends a signed logout request to the SAML IdP when the LOGOUT Endpoint is called.

If this option is selected and your SAML identity provider expects a signed logout request, you will also need to configure the signing certificate provided by Amazon Cognito with your SAML IdP.

The SAML IdP will process the signed logout request and log out your user from the Amazon Cognito session.

To set up the SAML IdP to add a signing certificate:

  • Click "Enable IdP sign out flow" in the AWS Cognito console. Path: Federation -> Identity providers -> Identity Provider
  • Configure this endpoint for consuming logout responses from your IdP. This endpoint uses post binding.
devic code
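To configure the certificate on the SAML IdP as the answer describes, the string from GetSigningCertificate usually has to be turned into a PEM file first. The following is an added example, not code from the question or the answer; it assumes the `Certificate` value is a base64-encoded DER X.509 certificate, and the function names and sample value are constructed for illustration.

```python
import base64
import hashlib
import ssl


def der_outer_length(der: bytes) -> int:
    """Return the total encoded size (header + body) of the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def cognito_cert_to_pem(certificate_b64: str):
    """Convert the base64 'Certificate' string to (PEM text, SHA-256 fingerprint)."""
    # Assumption: the value would come from
    # boto3.client("cognito-idp").get_signing_certificate(UserPoolId=...)["Certificate"]
    der = base64.b64decode("".join(certificate_b64.split()), validate=True)
    if der_outer_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing bytes")
    pem = ssl.DER_cert_to_PEM_cert(der)   # adds BEGIN/END lines, wraps at 64 chars
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return pem, fingerprint


# Constructed placeholder, NOT a real certificate: an outer SEQUENCE header
# (0x30, long-form length 300) followed by 300 zero bytes.
SAMPLE_B64 = base64.b64encode(b"\x30\x82\x01\x2c" + bytes(300)).decode()

if __name__ == "__main__":
    pem_text, sha256_fp = cognito_cert_to_pem(SAMPLE_B64)
    print("SHA-256 fingerprint:", sha256_fp)
    print(pem_text)
```

Comparing the printed fingerprint with the one the IdP displays after upload confirms that both sides hold the same signing certificate.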