Amazon supports custom SAML 2.0 applications. See https://docs.aws.amazon.com/singlesignon/latest/userguide/samlapps.html
1. Amazon SSO SAML 2.0 Configurations:
Open the IAM Identity Center Console https://console.aws.amazon.com/singlesignon and create a new custom application.
Configure the name, Application ACS URL, and SAML Audience, then submit the application.
Application ACS URL example: https://your.crushftp.com/?u=SSO_SAML&p=none
SAML Audience example: https://your.crushftp.com/?u=SSO_SAML&p=none
Configure the attribute mappings of your application.
Add a new attribute mapping.
In the field "Maps to this string value or user attribute in IAM Identity Center", enter: ${user:subject}
Warning: Assign users/groups to the created application!
2. SAMLSSO plugin configuration
Download the IAM Identity Center SAML metadata file.
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XXX">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MXXXX</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-1.amazonaws.com/saml/logout/XX"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-1.amazonaws.com/saml/logout/X"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XX"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XX"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
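Before loading a downloaded metadata file like the one above into the plugin, it helps to read back what it actually contains and compare it with the IAM Identity Center console. The following is an added example, not part of the original page or of CrushFTP: the function name `summarize_idp_metadata`, the host `idp.example.test` and the sample certificate bytes are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample shaped like the metadata above. Host, IDs and certificate
# bytes are placeholders; one Location is deliberately http:// to show the check.
SAMPLE_CERT_BYTES = b"constructed placeholder, not a real DER certificate"
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="https://idp.example.test/saml/assertion/PLACEHOLDER">
 <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
   <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_BYTES).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{BIND}HTTP-POST" Location="https://idp.example.test/saml/logout/PLACEHOLDER"/>
  <md:SingleSignOnService Binding="{BIND}HTTP-POST" Location="https://idp.example.test/saml/assertion/PLACEHOLDER"/>
  <md:SingleSignOnService Binding="{BIND}HTTP-Redirect" Location="http://idp.example.test/saml/assertion/PLACEHOLDER"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode("utf-8")


def summarize_idp_metadata(xml_bytes):
    """Return the IdP values an administrator compares against the IdP console."""
    # SAML metadata has no legitimate DOCTYPE; refuse it instead of parsing entities.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE not expected in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # (service, binding, location) for every sign-on and logout endpoint.
    endpoints = [(tag, el.get("Binding", "").rsplit(":", 1)[-1], el.get("Location", ""))
                 for tag in ("SingleSignOnService", "SingleLogoutService")
                 for el in idp.findall(f"md:{tag}", NS)]
    # SHA-256 over the decoded certificate bytes, for comparison with the console.
    certs = [c for kd in idp.findall("md:KeyDescriptor[@use='signing']", NS)
             for c in kd.iter("{%s}X509Certificate" % NS["ds"])]
    prints = [hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
              for c in certs]
    return {"entity_id": root.get("entityID"), "endpoints": endpoints,
            "signing_cert_sha256": prints,
            "non_https": [loc for _, _, loc in endpoints if not loc.startswith("https://")]}


if __name__ == "__main__":
    print(summarize_idp_metadata(SAMPLE_METADATA))
```

An empty `non_https` list and a fingerprint that matches the certificate shown in the IdP console are the two results to look for before trusting the file.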
This particular version was published on 29-Mar-2023 03:56 by krivacsz.