
I’m facing a potentially big problem with a third party who wants to access my services using SAML based SSO.

I use Cognito in AWS as my identity provider but the third party wants to access my services using IDP initiated SSO where they POST a SAML assert message to Cognito in order to access my web app.

BUT Cognito doesn’t allow this. Part of my estate is Azure based and I can create an AD B2C if needed. I’m trying to determine if I could use B2C and some custom policies to act as a man in the middle between the third party’s SAML IDP and Cognito, or is this technically impossible?

Without going into too many details, the ball’s in my court to sort this as the third party will be pushing their users to my services so it is I who stands to gain most from this.

Any help would be gratefully received.
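As an added illustration, not code from the question or the answer: the distinction at the heart of the problem above is that an IdP-initiated flow arrives at the service provider's assertion consumer endpoint as a bare POST with no preceding request, so the SAML Response carries no InResponseTo attribute. The small checker below classifies a received response that way and applies the checks a consumer must still make on such unsolicited messages (Destination, validity window, Audience). The hostnames and the unsigned sample message are constructed; signature verification is assumed to be done by an XML-DSig library before this code runs.

```python
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an IdP-initiated Response, i.e. no InResponseTo attribute.
# Hostnames are hypothetical; a real message would also carry an XML signature.
SAMPLE_RESPONSE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  IssueInstant="2024-01-01T00:00:00Z" Destination="https://sp.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>""").decode()

def _ts(value):
    # SAML timestamps are UTC with a trailing Z; turn them into aware datetimes.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify_response(saml_response_b64, expected_acs, expected_audience, now=None):
    """Return (flow, problems) for the SAMLResponse form value an ACS receives.
    flow is "idp-initiated" when the Response has no InResponseTo, else "sp-initiated".
    problems lists the checks that failed. Signature verification is assumed to have
    been done already by an XML-DSig library; it is deliberately not repeated here."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    flow = "sp-initiated" if root.get("InResponseTo") else "idp-initiated"
    if root.get("Destination") != expected_acs:
        problems.append("destination mismatch")
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    if cond is None:
        return flow, problems + ["assertion or conditions missing"]
    # A missing bound defaults to 1970 so that an absent NotOnOrAfter is rejected.
    not_before = _ts(cond.get("NotBefore", "1970-01-01T00:00:00Z"))
    not_on_or_after = _ts(cond.get("NotOnOrAfter", "1970-01-01T00:00:00Z"))
    if not (not_before <= now < not_on_or_after):
        problems.append("assertion outside validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("audience mismatch")
    return flow, problems
```

A consumer that cannot accept the "idp-initiated" result is exactly the situation described in the question; one that can should still reject any response where problems is non-empty.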

1 Answer


Review this new service released by AWS: https://aws.amazon.com/en/single-sign-on/

It does the part that you don't have from Cognito.