Configure AWS SSO with Auth0 as IDP

I am trying to configure "AWS SSO" to work with Auth0 as an External Identity Provider. I have made it to the point where the Auth0 login succeeds, but AWS throws me an error.

#### An unexpected error has occurred

Please try signing in again. If the error persists, please contact your administrator

**RequestId:** 4a315c48-0e78-40f6-8b90-6d9574d07db9
**Time:** Fri, 21 Feb 2020 19:13:35 GMT

Steps I have taken

  1. Go to Auth0 Application > Addon > SAML2 Web App
  2. Application Callback URL: {{ AWS SSO ACS URL }}
  3. Settings:

     ```json
     {
       "audience": "{{ AWS SSO Sign-in URL }}",
       "destination": "{{ AWS SSO issuer URL }}",
       "mappings": {
         "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
         "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
       },
       "signResponse": false,
       "createUpnClaim": false,
       "passthroughClaimsWithNoMapping": false,
       "mapUnknownClaimsAsIs": false,
       "mapIdentities": true,
       "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
       "nameIdentifierProbes": [
         "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
       ]
     }
     ```

Can anyone help me, as I am not really getting any logs to debug from AWS?

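Because AWS SSO returns only a RequestId and no server-side detail for this error, the practical way to debug is to capture the SAML response in the browser (a SAML tracer extension or the dev tools network tab) and compare its fields against what the AWS side was configured with. The script below is an added example and is not code from the thread, from Auth0 or from AWS: it parses a constructed, unsigned sample response and reports any mismatch in `Destination`, `Audience`, the `NameID` format and the email claim. The `PLACEHOLDER` URLs and the sample response are made up; substitute the ACS URL, Sign-in URL and issuer URL shown on your AWS SSO external identity provider page. It does not verify the XML signature, so it is a configuration check, not a trust decision.

```python
"""Offline field check for a captured SAML 2.0 Response (added example)."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
EMAIL_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample, shaped like what a SAML tracer shows after base64-decoding.
# No Signature, timestamps or InResponseTo, to keep the example short.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0"
    Destination="https://PLACEHOLDER.signin.aws.amazon.com/saml/acs">
  <saml:Issuer>urn:example-tenant.auth0.com</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>urn:example-tenant.auth0.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://PLACEHOLDER.signin.aws.amazon.com/saml</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_saml_response(xml_text, expected_acs_url, expected_audience):
    """Return a list of mismatch descriptions; an empty list means every check passed.

    expected_acs_url: the URL the Response is posted to (SAML 'Destination').
    expected_audience: the value the service provider expects in AudienceRestriction.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # Destination is the endpoint the Response was addressed to.
    dest = root.get("Destination")
    if dest != expected_acs_url:
        problems.append(f"Destination {dest!r} != expected {expected_acs_url!r}")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plaintext saml:Assertion found in the Response")
        return problems

    # Audience must include the value the service provider identifies itself by.
    audiences = [
        a.text for a in assertion.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    ]
    if expected_audience not in audiences:
        problems.append(f"Audience {audiences} does not include {expected_audience!r}")

    # NameID: the config above asks for the emailAddress format, so check both
    # the Format attribute and that the value looks like an email.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    else:
        if name_id.get("Format") != EMAIL_NAMEID_FORMAT:
            problems.append(f"NameID Format is {name_id.get('Format')!r}, not emailAddress")
        if "@" not in (name_id.text or ""):
            problems.append(f"NameID value {name_id.text!r} is not an email address")

    # The email attribute mapped in the Auth0 settings should be present.
    attr_names = {
        a.get("Name") for a in assertion.findall(
            "saml:AttributeStatement/saml:Attribute", NS)
    }
    if EMAIL_CLAIM not in attr_names:
        problems.append(f"attribute {EMAIL_CLAIM!r} missing; got {sorted(attr_names)}")
    return problems


if __name__ == "__main__":
    for p in check_saml_response(
        SAMPLE_RESPONSE,
        "https://PLACEHOLDER.signin.aws.amazon.com/saml/acs",
        "https://PLACEHOLDER.signin.aws.amazon.com/saml",
    ) or ["all checks passed"]:
        print(p)
```

Run it with the decoded `SAMLResponse` from the tracer in place of `SAMPLE_RESPONSE`; each reported line names the field that disagrees with what the AWS side expects, which is the information the "unexpected error" page withholds.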

Welcome and thank you for posting in Auth0 Community! @Rohithzr :tada:

Can you please confirm if you are following this guide? Configure Amazon Web Services for Single Sign-On

Also, can you please share your tenant and whether you have any rules in place? You can send me those in a private message.

Hope to hear back from you.

Hi,

I'm running into the same issue.

I think the problem is that the guide you referenced refers to integrating Auth0 with AWS IAM as an external IdP. This method can certainly be used, but the difference (and source of confusion) here is that I and Rohithzr are trying to integrate with AWS’s separate “AWS SSO” service (AWS IAM Identity Center (successor to AWS SSO)).

While you can still use the older method outlined in the Auth0 docs you shared, the separate AWS SSO service is a newer service that makes things a bit easier to manage on the AWS side.

So again, when we say we want help integrating with AWS SSO, we mean the specific AWS SSO service, not the generic meaning of the term SSO.

The AWS SSO service also supports SAML IdPs, but (I think) it requires slightly different instructions; the guide you shared isn’t 100% accurate for the newer AWS SSO experience.

I think I solved it. A few tweaks are needed to the configuration that we paste into the Auth0 SAML setup. See my post here… I got AWS SSO (the service) + Auth0 working:

Hi @mwerb! I’m glad to hear that. Thank you for posting the solution as well! Please feel free to reach out to us if you still need assistance!
