Amazon Cognito adds signing, encryption, and Identity Provider-initiated SSO for SAML federation
Amazon Cognito has added three features for customers using the SAML standard for federation. Customers can use Amazon Cognito user pools to send signed SAML authentication requests, require encrypted responses from a SAML identity provider, and use identity provider-initiated single sign-on (SSO) for SAML federation.
Request signing and encryption add a layer of protection to the communication between Amazon Cognito and third-party SAML identity providers. Identity provider-initiated SSO allows application builders to configure an Amazon Cognito user pool to accept SAML assertions from a user who is already signed in with a SAML identity provider, without the need for an end user to go through a login flow. Customers can configure these features whenever the identity provider they are federating to requires them, or turn them off for those that do not support them.
The new capabilities will help business-to-business (B2B) application builders launch applications that are compatible with more third-party identity providers and support their business or customers’ compliance requirements. These features are available for all customers using Amazon Cognito for SAML federation in any AWS Region where Amazon Cognito is supported.
Application builders can turn these features on using the Amazon Cognito console, APIs, or CLI. Amazon Cognito will provide a signing certificate and an encryption certificate which can be downloaded and used to configure the SAML identity provider to work with the new features in Amazon Cognito. To learn more, refer to the [documentation](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html).