AWS SSO - "Request nameID format does not match our record"
I'm trying to get a test app working with the AWS single sign-on service. When I hit the SSO login url and enter my credentials, it logs in fine, but then Amazon displays the error:
Requeest nameID format does not match our record
My request contains:
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true" />
and the IdP metadata xml that Amazon comes up with for my app has a blank <md:NameIDFormat/> tag. I'm guessing that has something to do with it. However, I'm not seeing anywhere, in the Amazon UI, where the nameIDFormat can be specified.
My questions:
- How/where can I specify the
nameIDFormatthat my AWS SSO app accepts? This is assuming the blank<md:NameIDFormat/>is (part of the) issue. Maybe that has nothing to do with the issue, in which case: - What does the above error message mean?
You can change NameID format at AWS SSO "Applications" page:
- Go to AWS SSO->Applications->My App Name
- Set
${user:subject}as attribute value (second column) and select necessary NameID format in third column.
Once this will be done you can send a corresponding NameID format by NameIDPolicy tag:
<saml2p:NameIDPolicy
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
BTW : by using a NameIDPolicy tag, SP requests from IdP a corresponding NameID format (email, transient, persistent etc.). Your AWS IdP doesn't have a requested mapping and don't know what should be returned by default or what is allowed and throws an error you see.
- Using forward slash (`/`) in key of a RedisJSON object on Amazon Elasticache
- How to increase aws dynamodb index limit from 5
- Does Amazon Lightsail have remote desktop (GUI) with their Linux offering?
- Why does Runtime.maxMemory() change its value on separate calls?
- Appsync Query Returning Null with Cognito Auth
- AWS CLI S3 A client error (403) occurred when calling the HeadObject operation: Forbidden
- How to extract files from a zip archive in S3
- Copy Aws launch template to another region
- AWS S3 upload fails: RequestTimeTooSkewed
- Simplest way to automate starting of EC2 daily
- How to pass API Gateway authorizer context to a HTTP integration
- How to use AWS CLI to deploy lambda function to specific alias or version?
- Exporting data from dynamo db to a csv file
- Amazaon S3Client can list buckets, but throws an UnknownHostException when trying to do a putObject
- No integration defined for method - Choose a stage where your API will be deployed
- Using SNS to send push notifications - Expo App
- CodePipeline buildspec and multiple build actions
- Why can't an AWS lambda function inside a public subnet in a VPC connect to the internet?
- Lambda@Edge not logging on cloudfront request
- Vue is not picking up env variables from aws ecs task container
- AWS CLI cloudformation validate-template success but getting error during create-stack
- The term 'Events:' is not recognized in cloudformation template in AWS
- AWS Lambda function and S3 - change metadata on an object in S3 only if the object changed
- Cloudformation : Encountered unsupported property DeletionPolicy on S3 Bucket
- Error in CloudFormation Stack: Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400;
- Template format error: Unresolved resource dependencies [subnet-057ba3df40f87da4e] in the Resources block of the template
- Encountered unsupported property Version
- While deploying an efs stack i get the following error
- Invalid request provided: AWS::ElasticLoadBalancingV2::ListenerRule Validation exception
- aws cloudformation - Encountered unsupported property RequestValidatorId