Create SSO for AWS from Azure AD

1
votes

Trying to create SSO for AWS keeping Azure users as source of Truth. Followed below Tut's.

  1. https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial
  2. http://blog.flux7.com/aws-best-practice-azure-ad-saml-authentication-configuration-for-aws-console

Anything is to be more precise with user attributes in Azure ? Has anything to enable in AWS to accept the SSO ?

Login is successful(Can see signin's in Azure AD) but it displays message "Your request included an invalid SAML response. To logout, click here ". Any idea what has gone wrong ? screenshot of error

2
amazon-web-servicessingle-sign-onazure-active-directorysaml
Have a look hereJeroen Heier

2 Answers

1
votes

Yes, I think you are on the right path. It seems that you are missing the custom attributes which we are suggesting to add for your application. Those are Role and RoleSessionName. Please see the step #5 in my article https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial and make sure that you use the same casing and namespace for the claims. With that the integration should work correctly.

0
votes

May be I am late to this post. As Jeevan mentioned. You are missing custom attributes that you need to add. I have been struggling with same and found this well explained video. I hope, this will help any one who is struggling with this issues.