Closed pittjl closed 6 years ago
I am wondering if there's any way I can pick your brain @pittjl . I'm trying to get saml2aws to work with our govcloud org without much success. I keep getting stuck on the same error whether I specify role, URN, etc. Working fine with our main AWS org. Our IdP is JumpCloud. Any input would help.
From the error:
Requesting AWS credentials using SAML assertion InvalidIdentityToken: Specified provider doesn't exist (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlManifestNotFoundException;
@CholtonATX, I'm also facing a similar problem and since this issue is closed I've created a new one.
Setting an environment variable of export AWS_REGION=us-gov-west-1 worked in my testing, which tells me that the SAML assertion is not being sent to the correct endpoint. I guess I'll need to learn some Go to fix this issue...
Update here, I seem to have missed it or it is a newer feature, but you can configure a region flag in the ~/.saml2aws config file. It worked for me using Okta as the IdP. Example config below:
[aws-gov]
app_id =
url =
; region key referred to above; value as used elsewhere in this thread
region = us-gov-west-1
Would be great if this worked with us-gov-west-1, which has a different URN (amazon:webservices:govcloud) and uses a different STS endpoint. I tried changing the URN in the ADFS provider and re-building, but I was still directed to the public endpoints and got a role from the public side.
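A check that makes the thread's diagnosis concrete, added here as an example and not code from saml2aws or from any commenter: it reads the Role attribute of a SAML response, derives the ARN partition (aws vs. aws-us-gov), and reports whether the STS region saml2aws will call (AWS_REGION or the config's region key) belongs to that partition. The sample assertion, account id, role and provider names are constructed.

```python
import base64
import xml.etree.ElementTree as ET

ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def assertion_partition(saml_response_b64: str) -> str:
    """Return the ARN partition ("aws", "aws-us-gov", "aws-cn") named by every
    role and provider ARN in the assertion; mixed partitions are an error."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    partitions = set()
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iter(f"{{{SAML_NS}}}AttributeValue"):
            # Each value is "role_arn,principal_arn"; the partition is ARN field 1.
            for arn in (value.text or "").split(","):
                parts = arn.strip().split(":", 5)
                if len(parts) != 6 or parts[0] != "arn" or not parts[1]:
                    raise ValueError(f"malformed ARN {arn!r}")
                partitions.add(parts[1])
    if not partitions:
        raise ValueError("assertion carries no AWS Role attribute")
    if len(partitions) > 1:
        raise ValueError(f"assertion mixes partitions {sorted(partitions)}")
    return partitions.pop()


def region_in_partition(region: str, partition: str) -> bool:
    """True if an STS endpoint in `region` belongs to `partition`. A GovCloud
    assertion (arn:aws-us-gov:...) posted to the commercial STS endpoint is
    rejected, which matches the InvalidIdentityToken error quoted above."""
    if partition == "aws-us-gov":
        return region.startswith("us-gov-")
    if partition == "aws-cn":
        return region.startswith("cn-")
    return partition == "aws" and bool(region) and not region.startswith(("us-gov-", "cn-"))


# Constructed GovCloud assertion (account id, role and provider names are placeholders).
SAMPLE_XML = (
    f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="{SAML_NS}">'
    f'<saml:Assertion><saml:AttributeStatement><saml:Attribute Name="{ROLE_ATTR}">'
    "<saml:AttributeValue>arn:aws-us-gov:iam::123456789012:role/Admin,"
    "arn:aws-us-gov:iam::123456789012:saml-provider/JumpCloud</saml:AttributeValue>"
    "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
```

Run `assertion_partition(SAMPLE_B64)` and then `region_in_partition(<configured region>, partition)`; a False result with the default commercial region is the mismatch this thread works around by setting us-gov-west-1.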