4

I have a Cognito User Pool and have created a SAML Identity Provider, which is mapped to a client app.

I have created a mutable custom attribute and mapped this attribute to the SAML response assertion.

The first time a user logs in with the SAML Identity Provider, I can see that the federated user is created and the mutable custom attribute is generated with the values from the SAML assertion. However, on subsequent logins, if the SAML response attribute value changes, it doesn't update the Cognito user's attribute.

Is there a way to update the Cognito User's attribute based on the SAML assertion?

Indranil

1 Answer

1

You need to create a Cognito Lambda trigger; you can read the request and responses inside of them. Depending on what you are doing next, it will likely be a Post Authentication trigger.

Sean W
  • It seems like you only need to have a Post Authentication trigger Lambda that returns the event it receives; you don't need to manually update Cognito. We tested this against Azure AD SSO, and when updating the attributes on Azure AD it updates Cognito, but only when a Post Authentication Lambda is in place. It's very odd, as we're not doing anything in the Lambda – ajaali Jun 24 '22 at 11:32
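
A Post Authentication trigger of the kind the answer and comment describe, as an added example that is not from the original thread: it returns the event unchanged and logs the mapped attribute for SAML users, so the value Cognito holds after each login can be compared with the IdP's. The attribute name `custom:department` and the helper names are hypothetical, and the code assumes federated users carry an `identities` attribute holding a JSON array with `providerType` and `providerName`.

```python
import json
import logging

logger = logging.getLogger()
logger.setLevel(logging.INFO)

# Hypothetical name: replace with the custom attribute mapped from the SAML assertion.
WATCHED_ATTRIBUTE = "custom:department"


def federated_provider(user_attributes):
    """Return the SAML provider name for a federated user, or None otherwise."""
    raw = user_attributes.get("identities")
    if not raw:
        return None
    try:
        identities = json.loads(raw)
    except (TypeError, ValueError):
        return None
    if not isinstance(identities, list):
        return None
    for identity in identities:
        if isinstance(identity, dict) and identity.get("providerType") == "SAML":
            return identity.get("providerName")
    return None


def audit_record(event):
    """Build a log record showing the attribute value Cognito holds at login."""
    attrs = event.get("request", {}).get("userAttributes", {})
    return {
        "userName": event.get("userName"),
        "triggerSource": event.get("triggerSource"),
        "samlProvider": federated_provider(attrs),
        "attribute": WATCHED_ATTRIBUTE,
        "value": attrs.get(WATCHED_ATTRIBUTE),
    }


def lambda_handler(event, context):
    record = audit_record(event)
    if record["samlProvider"]:
        # Only federated SAML logins are logged; native users are skipped.
        logger.info(json.dumps(record))
    # A Cognito trigger must return the event; it is passed back unmodified.
    return event
```

If the watched attribute feeds an authorization decision, the logged values give a per-login record for spotting a Cognito profile that has drifted from the IdP.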