aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

SAML Cognito Identity Provider: Signing and encryption settings #1963

Closed ryanolee closed 3 months ago

ryanolee commented 4 months ago

Name of the resource

AWS::Cognito::UserPoolIdentityProvider

Resource name

No response

Description

There are no settings for configuring SAML signing and encryption settings from CloudFormation when creating a provider.

[image]

^ These are the settings that would ideally have parallel attributes in CloudFormation in some capacity to configure.

Looking under https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#aws-resource-cognito-userpoolidentityprovider--examples--Creating_a_new_SAML_identity_provider, there does not seem to be any "ProviderDetails" options for configuring these new options. Ideally it would be great to have the option to enable them when creating the provider!

Other Details

No response

ryanolee commented 4 months ago

As a follow-up, it looks like this is more of a documentation issue. Deploying with the following seems to work. It is just not documented anywhere in the CF or SDK documentation.

    "ProviderDetails": {
        "IDPSignout": false,
        "MetadataURL": "xxx",
        "EncryptedResponses": "true",
        "RequestSigningAlgorithm": "rsa-sha256"
    }

jrempel-aws commented 3 months ago

It seems there was an issue with an outdated version of the documentation being published, and it has since been resolved.

See:

If there's anything we missed, feel free to file a ticket or re-open the issue.

ryanolee commented 3 months ago

Thanks for getting back. Looks to be all resolved now. Thanks for updating the docs!
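
A template check built on the `ProviderDetails` keys from the follow-up comment above, added here as an example (not code from the issue or from AWS): it flags SAML identity providers in a JSON CloudFormation template that do not set `EncryptedResponses` and `RequestSigningAlgorithm`. The function names, the sample template and the choice to accept only `rsa-sha256` are assumptions of this example.

```python
import json

IDP_TYPE = "AWS::Cognito::UserPoolIdentityProvider"


def _provider(details):
    # Helper for the constructed sample below; names and IDs are placeholders.
    return {"Type": IDP_TYPE, "Properties": {
        "ProviderName": "example", "ProviderType": "SAML",
        "UserPoolId": "placeholder-pool-id", "ProviderDetails": details}}


# Constructed sample template (not from the issue): one provider with the
# ProviderDetails from the comment above, one with only a metadata URL.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "HardenedIdp": _provider({
        "IDPSignout": False, "MetadataURL": "xxx",
        "EncryptedResponses": "true", "RequestSigningAlgorithm": "rsa-sha256"}),
    "DefaultIdp": _provider({"MetadataURL": "xxx"}),
}})


def _enabled(value):
    # The comment's snippet mixes a JSON boolean and the string "true"; accept both.
    return value is True or str(value).lower() == "true"


def audit_saml_providers(template_text):
    """Map logical ID -> findings for SAML providers lacking the two settings."""
    findings = {}
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") != IDP_TYPE or props.get("ProviderType") != "SAML":
            continue
        details = props.get("ProviderDetails", {})
        issues = []
        if not _enabled(details.get("EncryptedResponses")):
            issues.append("EncryptedResponses is not enabled")
        if details.get("RequestSigningAlgorithm") != "rsa-sha256":
            issues.append("RequestSigningAlgorithm is not rsa-sha256")
        if issues:
            findings[logical_id] = issues
    return findings


if __name__ == "__main__":
    for logical_id, issues in audit_saml_providers(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: {'; '.join(issues)}")
```

Templates that supply these values through intrinsic functions such as `Ref` are reported as findings, since the check compares literal values only.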