search

trussworks / terraform-aws-saml-cognito

Creates AWS Cognito resources for using SAML authentication
https://registry.terraform.io/modules/trussworks/saml-cognito
BSD 3-Clause "New" or "Revised" License
7 stars 11 forks source link

issue login from external Cognito Hosted UI #70

Open ferasawadi opened 12 months ago

ferasawadi commented 12 months ago

am trying to create cognito and am using Google Workspace as SAML

i've setup every thing as mentioned by am getting the following erro

Screenshot 2023-08-27 at 8 59 58 PM

here is my configs


## https://github.com/trussworks/terraform-aws-saml-cognito/tree/main
resource "aws_cognito_user_pool" "stellarsend_user_pool" {
  name                     = "stellarsend-pool-${terraform.workspace}"
  auto_verified_attributes = ["email"]
  provider                 = aws.us-east-1
}

resource "aws_cognito_identity_provider" "stellarsend_provider" {
  user_pool_id  = aws_cognito_user_pool.stellarsend_user_pool.id
  provider_name = "stellarsend-Google-provider-${terraform.workspace}"
  provider_type = "SAML"

  provider_details = {
    MetadataFile = var.saml_metadata_file_content
  }

  attribute_mapping = {
    email = "email"
  }
  provider = aws.us-east-1

  lifecycle {
    ignore_changes = [
      provider_details["SSORedirectBindingURI"],
    ]
  }
}

resource "aws_cognito_user_pool_client" "stellarsend_user_pool_client" {
  name          = "stellarsend-pool-client-${terraform.workspace}"
  user_pool_id  = aws_cognito_user_pool.stellarsend_user_pool.id
  callback_urls = [
    "https://accounts.google.com",
    "https://portal.dev.stellarsend.app",
    "https://sso.auth.dev.stellarsend.app/oauth2/authorize?client_id=7010m8qqdms0c22ld2pmkfkj3g&response_type=code&scope=email+openid&redirect_uri=https://portal.dev.stellarsend.app",
    "https://${var.cognito_domain_name}",
    "https://${var.cognito_domain_name}/oauth2/idpresponse",
    "https://${var.cognito_domain_name}/saml2/idpresponse",
  ]
  default_redirect_uri                 = "https://portal.dev.stellarsend.app"
  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_flows                  = ["code", "implicit"]
  supported_identity_providers         = [aws_cognito_identity_provider.stellarsend_provider.provider_name]
  provider                             = aws.us-east-1
}
ferasawadi commented 12 months ago

by the way am login from here Screenshot 2023-08-27 at 9 02 38 PM

by clicking the StellarSend Demo Icon