
I am trying to access a Redshift database using IAM federation, following the AWS documentation.

In the documentation, under "Step 1: Set up IdPs and federation", it mentions that we need to set three optional attributes like https://redshift.amazon.com/SAML/Attributes/DbUser, https://redshift.amazon.com/SAML/Attributes/AutoCreate and https://redshift.amazon.com/SAML/Attributes/DbGroups

But it is not clear from the documentation how to add them in the case of an ADFS IdP. Can anybody help me with this?

Ayan

1 Answer


You do this via claims rules, e.g.

=> issue(type = "https://redshift.amazon.com/SAML/Attributes/DbUser", value = "xyz");

rbrayb
  • We used the following:

    // Custom rule AutoCreate:
    => issue(Type = "https://redshift.amazon.com/SAML/Attributes/AutoCreate", Value = "true");

    // For DBGroups, using a custom rule with the assumption that AD groups are Redshift-*:
    c:[Type == "http://temp/variable", Value =~ "(?i)^Redshift-"]
     => issue(Type = "https://redshift.amazon.com/SAML/Attributes/DbGroups", Value = RegExReplace(c.Value, "Redshift-", ""));

    // DbUser should use "Send LDAP attributes as claims"

    – Dilip Kola Jun 14 '19 at 03:55
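To confirm that the claim rules above put the intended values into the assertion, the following added example (not part of the original thread) parses an already base64-decoded SAML assertion and checks the three Redshift attributes. The sample assertion, the AD group list and all function names are constructed for illustration, and the signature is not verified.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "https://redshift.amazon.com/SAML/Attributes/"

def _attr(name, *values):
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{PREFIX}{name}">{vals}</saml:Attribute>'

# Constructed sample (not captured from a real IdP): attributes the rules should emit.
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
    + _attr("DbUser", "xyz") + _attr("AutoCreate", "true")
    + _attr("DbGroups", "analysts", "admins")
    + "</saml:AttributeStatement></saml:Assertion>"
)
SAMPLE_AD_GROUPS = ["Redshift-analysts", "redshift-admins", "Domain Users"]  # constructed

def redshift_attributes(assertion_xml):
    """Return {short name: [values]} for Redshift attributes in a decoded assertion.
    Inspection aid only: the signature is not verified here."""
    found = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", NS):
        name = attr.get("Name", "")
        if name.startswith(PREFIX):
            vals = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
            found.setdefault(name[len(PREFIX):], []).extend(vals)
    return found

def intended_db_groups(ad_groups):
    """Intended result of the DbGroups rule: Redshift-* groups with the prefix removed."""
    return sorted(re.sub(r"(?i)^Redshift-", "", g) for g in ad_groups
                  if re.match(r"(?i)^Redshift-", g))

def check(assertion_xml, ad_groups):
    """Return a list of problems; an empty list means the attributes look as intended."""
    attrs, problems = redshift_attributes(assertion_xml), []
    if len(attrs.get("DbUser", [])) != 1 or not attrs["DbUser"][0]:
        problems.append("DbUser must carry exactly one non-empty value")
    if attrs.get("AutoCreate") != ["true"]:
        problems.append("AutoCreate is not the single value 'true'")
    got, want = sorted(attrs.get("DbGroups", [])), intended_db_groups(ad_groups)
    if got != want:
        problems.append(f"DbGroups {got} differ from intended {want}")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE_ASSERTION, SAMPLE_AD_GROUPS) or "all Redshift attributes as intended")
```

A DbGroups value that still carries the Redshift- prefix, or an unexpected group in the list, shows up as a mismatch, which is worth checking before relying on AutoCreate to provision database users.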