The ambiguous role mapping rules for: cognito with microsoft active directory
I've encountered following error message when I'm trying to integrate AWS Cognito and AWS ElasticSearch with AD. I've setup AD and cognito integration but after login with AD-User in AD Console, I've encountered following message. But when I've created user in AWS Cognito and login with its authentication, it was working. Please let me what I've missed to configure it. Thanks.
• Check whether the user pool id and app client id from user pool configurations are correctly configured in federated identities page. Also, check whether correct template is selected for authentication to Active Directory purposes, i.e., ‘Allow access for one or more AWS accounts or IAM users’ is selected.
• Please ensure that the Amazon Elasticsearch domain has sufficient access to the authorized AD users and groups through the access control policy. Also, check the IAM roles with the exact same name as AD groups are authorized or permitted for authentication with Active Directory or not.
• If using ADFS for federated identities with Microsoft Active Directory, check the replying party SAML 2.0 SSO service URL in ADFS configuration. Also, check the claim rules in ADFS and the issuance policy in ADFS. On the AWS side in elastic search console, check the roles key configuration under optional SAML settings.
Please find the below links for more information: -
Sorry! Something went wrong during authentication between Kibana and Amazon Cognito
- Using forward slash (`/`) in key of a RedisJSON object on Amazon Elasticache
- How to increase aws dynamodb index limit from 5
- Does Amazon Lightsail have remote desktop (GUI) with their Linux offering?
- Why does Runtime.maxMemory() change its value on separate calls?
- Appsync Query Returning Null with Cognito Auth
- AWS CLI S3 A client error (403) occurred when calling the HeadObject operation: Forbidden
- How to extract files from a zip archive in S3
- Copy Aws launch template to another region
- AWS S3 upload fails: RequestTimeTooSkewed
- Simplest way to automate starting of EC2 daily
- How to pass API Gateway authorizer context to a HTTP integration
- How to use AWS CLI to deploy lambda function to specific alias or version?
- Exporting data from dynamo db to a csv file
- Amazaon S3Client can list buckets, but throws an UnknownHostException when trying to do a putObject
- No integration defined for method - Choose a stage where your API will be deployed
- Using SNS to send push notifications - Expo App
- CodePipeline buildspec and multiple build actions
- Why can't an AWS lambda function inside a public subnet in a VPC connect to the internet?
- Lambda@Edge not logging on cloudfront request
- Vue is not picking up env variables from aws ecs task container
- AWS CLI cloudformation validate-template success but getting error during create-stack
- The term 'Events:' is not recognized in cloudformation template in AWS
- AWS Lambda function and S3 - change metadata on an object in S3 only if the object changed
- Cloudformation : Encountered unsupported property DeletionPolicy on S3 Bucket
- Error in CloudFormation Stack: Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400;
- Template format error: Unresolved resource dependencies [subnet-057ba3df40f87da4e] in the Resources block of the template
- Encountered unsupported property Version
- While deploying an efs stack i get the following error
- Invalid request provided: AWS::ElasticLoadBalancingV2::ListenerRule Validation exception
- aws cloudformation - Encountered unsupported property RequestValidatorId