I followed the instructions here to set up SSO for my AWS Account via Auth0.
If I invoke the SSO process using the Auth0 Identity Provider Login URL (https://[tenant-domain]/samlp/[client-id]), the authentication process works properly, and I get access to my AWS account.
If I invoke the SSO process using the AWS access portal URL from AWS IAM Identity Center (fka AWS SSO) (https://d-xxxxxxxxxx.awsapps.com/start), I get the following error on the Auth0 side:
invalid_request: The SAML Request AssertionConsumerServiceURL is invalid: 'https://us-east-1.signin.aws.amazon.com/platform/saml/acs/[hash]'
Anyone seen the same? I verified the ACS URL is correct, and I’m guessing that URL is likely not the problem since it works if auth is initiated from the Auth0 URL, but not the AWS one?
For console access I can continue using the Auth0 IdP Login URL just fine, but that doesn’t work for SSO via AWS CLI, which breaks my deployment scripting.
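
A diagnostic for the error above, as an added example that is not part of the original post: it decodes the SAMLRequest parameter of an SP-initiated login and extracts the AssertionConsumerServiceURL attribute so it can be compared character for character with the callback URLs configured on the IdP. The function names, the sample request and the exact-match comparison are assumptions made for illustration; the ACS value is the one from the error message, placeholder included.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# ACS URL as shown in the error message ("[hash]" is the page's placeholder).
ACS = "https://us-east-1.signin.aws.amazon.com/platform/saml/acs/[hash]"

# Constructed AuthnRequest, standing in for one captured from your own browser.
SAMPLE_XML = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" '
    'ID="_constructed" Version="2.0" '
    f'AssertionConsumerServiceURL="{ACS}"/>'
).encode()


def encode_redirect(xml: bytes) -> str:
    """Encode XML the way the HTTP-Redirect binding does (raw DEFLATE + base64)."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml) + comp.flush()).decode()


def decode_saml_request(value: str) -> bytes:
    """Return the AuthnRequest XML from a SAMLRequest parameter value."""
    raw = base64.b64decode(unquote(value))
    if raw.lstrip().startswith(b"<"):
        return raw                      # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)    # HTTP-Redirect binding: raw DEFLATE


def acs_url(value: str):
    """Extract AssertionConsumerServiceURL (None if the request omits it)."""
    root = ET.fromstring(decode_saml_request(value))
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root.get("AssertionConsumerServiceURL")


def check_acs(value: str, configured):
    """Return (requested ACS URL, whether it exactly matches a configured one)."""
    requested = acs_url(value)
    return requested, requested in configured


if __name__ == "__main__":
    request = encode_redirect(SAMPLE_XML)
    print(check_acs(request, [ACS]))
```

The SAMLRequest value can be copied from the browser's network tab on the request that reaches the IdP after starting at the AWS access portal URL.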