
Can't get AWS SSO working with Auth0

sso
aws

#1

Hi,
I have followed these instructions to the letter https://auth0.com/docs/integrations/aws/sso, but after logging in to auth0 via the hosted login page I’m re-directed to the AWS SAML login screen with the following error:

Specified provider doesn't exist (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlManifestNotFoundException; Request ID: c5933149-eb23-11e7-a7de-af9e87aed2c3) (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken; Request ID: c59183be-eb23-11e7-9c29-cb0b29977211). Please try again.

I have copied and pasted the ARN of the IDP directly from IAM into the appropriate rules function per the Auth0 instructions like so:

```javascript
function (user, context, callback) {
  // Role ARN and SAML provider ARN, comma-separated
  user.awsRole = 'arn:aws-us-gov:iam::redacted:role/auth0-admin-role,arn:aws-us-gov:iam::redacted:saml-provider/auth0SamlProvider';
  user.awsRoleSession = user.aws_id;

  // Map the user properties onto the SAML attributes AWS expects
  context.samlConfiguration.mappings = {
    'https://aws.amazon.com/SAML/Attributes/Role': 'awsRole',
    'https://aws.amazon.com/SAML/Attributes/RoleSessionName': 'awsRoleSession'
  };

  callback(null, user, context);
}
```

I’m wondering now if this has something to do with us using an AWS GovCloud account or if I’ve somehow managed to miss a step. Or maybe I’m misinterpreting the error message. Any help would be greatly appreciated. Thank you.


#2

I’m unaware of any specifics to AWS GovCloud that would make this unsupported or the instructions different. In addition, that same exact error message appears in the AWS forums for a SAML integration with ADFS, so I would consider a configuration issue as the most likely reason.

I understand that you may have already done this, but I would redo the steps or even try doing the configuration with a second person (like pair programming); having a second pair of eyes just viewing what’s being done may be helpful.

In a reply to that AWS forum question there is a hint to review that the provider name and ARN match exactly, in particular, to note that they are case sensitive so you may also want to review that part.
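
The check suggested in the reply above, written out as an added example that is not part of the original thread and is not Auth0 or AWS code: it compares the `awsRole` value from the rule against the provider ARN copied from IAM, character for character. The function names and the account ID `123456789012` are constructed for illustration.

```javascript
// Parse an IAM ARN of the form arn:<partition>:iam::<account>:<type>/<name>
function parseIamArn(arn) {
  const m = /^arn:([^:]+):iam::([^:]+):([^/]+)\/(.+)$/.exec(arn.trim());
  if (!m) return null;
  return { partition: m[1], account: m[2], type: m[3], name: m[4] };
}

// awsRole: the "<role ARN>,<provider ARN>" string set in the rule.
// iamProviderArn: the provider ARN exactly as shown in the IAM console.
// Returns a list of problems; an empty list means the value looks consistent.
function checkAwsRole(awsRole, iamProviderArn) {
  const parts = awsRole.split(',').map((s) => s.trim());
  if (parts.length !== 2) return ['expected "<role ARN>,<provider ARN>"'];
  const [roleArn, providerArn] = parts;
  const expected = iamProviderArn.trim();
  const role = parseIamArn(roleArn);
  const provider = parseIamArn(providerArn);
  const problems = [];
  if (!role || role.type !== 'role') {
    problems.push('first value is not a role ARN');
  }
  if (!provider || provider.type !== 'saml-provider') {
    problems.push('second value is not a saml-provider ARN');
  }
  if (role && provider && role.partition !== provider.partition) {
    problems.push('partition differs between role and provider');
  }
  if (providerArn !== expected) {
    // Separate a case-only difference from a completely different ARN.
    problems.push(providerArn.toLowerCase() === expected.toLowerCase()
      ? 'provider ARN differs from IAM only by letter case'
      : 'provider ARN does not match the one in IAM');
  }
  return problems;
}

// Constructed sample values, not taken from the thread.
const IAM_PROVIDER = 'arn:aws-us-gov:iam::123456789012:saml-provider/auth0SamlProvider';
const ROLE = 'arn:aws-us-gov:iam::123456789012:role/auth0-admin-role';
const good = ROLE + ',' + IAM_PROVIDER;
const wrongCase = ROLE + ',arn:aws-us-gov:iam::123456789012:saml-provider/Auth0SAMLProvider';

console.log(checkAwsRole(good, IAM_PROVIDER));
console.log(checkAwsRole(wrongCase, IAM_PROVIDER));
```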


#3