I set up OpenLDAP and Shibboleth IdP in my local virtual machine, created an identity provider in AWS and uploaded the metadata.

In the metadata, the URLs point to my local IP address, e.g.

SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://192.168.1.15/idp/profile/SAML2/POST/SSO"

When I try to log in from the IdP console, it authenticates the user and redirects to the AWS page, but there I am getting a 404 error.

Issuer not present in specified provider (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlInvalidSamlResponseException

It is obvious that endpoint validation will fail because of the local IP address.

How can I resolve this issue? Will a VPN connection resolve this?

Thanks in advance for your help. Baiju

1 Answer

This issue was resolved after uploading an updated metadata file with the hostname instead of the IP address to the IAM identity provider. In the identity provider the hostname is given, and it seems it should match.

Now login is working fine and I am able to access the AWS console. But when I try to log out, it goes to the aws.amazon.com page; and when I access the IdP login page, it again goes to the last user session page.
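The answer above comes down to a consistency check on the IdP metadata before it is uploaded: endpoints on a LAN IP address are not reachable from AWS, and the issuer the IdP puts in its response has to match what the metadata declares. The following script is an added example (not code from the question, the answer or the Shibboleth project) that parses an IdP metadata document and flags IP-literal endpoints, non-routable addresses, non-HTTPS locations and endpoint hosts that differ from the entityID host. The sample metadata is constructed from the one Location value quoted in the question; `idp.example.org` is a placeholder hostname, and the entityID/endpoint host comparison is a heuristic, since entityID is only required to be a URI.

```python
import ipaddress
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: IdP metadata with every endpoint on a LAN address,
# modelled on the Location value quoted in the question.
IP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}"
    entityID="https://192.168.1.15/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://192.168.1.15/idp/profile/SAML2/POST/SSO"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://192.168.1.15/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: the same metadata after switching to a hostname
# (idp.example.org is a placeholder, not a real deployment).
HOST_METADATA = IP_METADATA.replace("192.168.1.15", "idp.example.org")


def _url_findings(label, url):
    """Findings for one URL-valued metadata attribute (entityID or Location)."""
    out = []
    parsed = urlparse(url)
    host = parsed.hostname
    if parsed.scheme not in ("http", "https") or not host:
        return out  # entityID may be a plain URN; only URL-style values are checked
    if parsed.scheme != "https":
        out.append(f"{label}: not https ({url})")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return out  # a hostname: nothing further to flag here
    out.append(f"{label}: uses IP literal {host} instead of a hostname")
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        out.append(f"{label}: {host} is not routable from the public internet")
    return out


def check_idp_metadata(xml_text):
    """Return a list of human-readable findings; an empty list means no issue found."""
    root = ET.fromstring(xml_text)
    findings = []
    entity_id = root.get("entityID", "")
    if not entity_id:
        findings.append("entityID: missing")
    findings += _url_findings("entityID", entity_id)
    entity_host = urlparse(entity_id).hostname

    for sso in root.iter(f"{{{MD_NS}}}SingleSignOnService"):
        binding = sso.get("Binding", "?").rsplit(":", 1)[-1]  # e.g. "HTTP-POST"
        label = f"SingleSignOnService[{binding}]"
        loc = sso.get("Location", "")
        if not loc:
            findings.append(f"{label}: missing Location")
            continue
        findings += _url_findings(label, loc)
        loc_host = urlparse(loc).hostname
        # Heuristic: endpoints normally live on the same host the entityID names.
        if entity_host and loc_host and loc_host != entity_host:
            findings.append(f"{label}: host {loc_host} differs from entityID host {entity_host}")
    return findings


if __name__ == "__main__":
    for name, doc in (("IP-based metadata", IP_METADATA), ("hostname metadata", HOST_METADATA)):
        result = check_idp_metadata(doc)
        print(f"{name}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

Run it against the metadata file exported from the IdP before uploading it to IAM; the IP-based sample produces six findings (an IP literal and a non-routable address for the entityID and for each of the two endpoints), while the hostname version produces none.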