AWS Cognito pool integration via OIDC pull and push to SAML2 external App

Hi all,

I’m looking for a solution to parse an Amazon Cognito user pool with a SAML2 application.
I must use the Cognito pool as identity provider, which is only possible via OIDC with a pre-shared secret. I found that Auth0 does just what I need, and before purchasing a licensed version I tested with a trial account whether my setup will fulfill my requirements.
I have configured the following so far in my Auth0 config panel:
1: Empty Single-Page App
2: AWS Cognito pool added as identity provider with an Enterprise OIDC connection. Tested and working successfully.
3: SAML2 connection to the external app working successfully with a locally created user in Auth0.

When I’m using my app with a local user from Auth0 it works successfully (Username-Password-Authentication).
When I’m using my app with the Enterprise connection only (Cognito OIDC)

I hit the following error:

This is my config in my SAML Addon:

{
  "audience": "urn:amazon:cognito:sp:us-west-2_XXXXXX",
  "name": "",
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
}

And requiring the same attributes from my OIDC Connection

The name in our case is the user's email address, which is provided by the OIDC connection and expected on my SAML2 client.

My question: Is this parse between the OIDC Cognito source and the SAML2 client possible through Auth0 as mediator platform, and if yes, where should I look for an issue in my case?

Thanks in advance!