I should say too that the groups I created to identify and manage access in an LDAP directory are in the format:

cn=aws8765309-administrator,ou=groups,o=data
cn=aws8765309-read-only,ou=groups,o=data

When you look at the regex this factors into the extraction.

On Monday, November 7, 2022 at 3:35:05 PM UTC-6 Andrew Marker wrote:

> I was on an early version of 6.x when I did this, so, it could perhaps be
> updated but it is working. If nothing else, just directly referencing the
> metadata: https://signin.aws.amazon.com/static/saml-metadata.xml.
>
> Keep in mind, CAS has some prebuilt libraries for specific SPs: CAS -
> SAML SP Integrations (apereo.github.io)
> <https://apereo.github.io/cas/6.6.x/integration/Configuring-SAML-SP-Integrations.html>.
>
> That is probably best practice.
>
> On Monday, November 7, 2022 at 3:23:15 PM UTC-6 [email protected] wrote:
>
>> Hi all,
>>
>> Has anyone had success integrating an AWS Console as a SAML SP? We've
>> been spinning our wheels on this for a couple weeks now, and are not really
>> sure where to go from here. We're loosely following this:
>>
>> https://aws.amazon.com/blogs/security/how-to-use-shibboleth-for-single-sign-on-to-the-aws-management-console/
>>
>> with the caveat that Shib is not CAS, of course, but that's about as
>> close as the official AWS documentation has gotten. The only error message
>> we've gotten back from Amazon is "Your request included an invalid SAML
>> response", and the person we're integrating with (who has access to the AWS
>> console) said he's not seeing any logs being generated at all for these
>> failed requests.
>>
>> Any advice or experience anyone on here has had would be invaluable!
>> Thanks!
>>
>> Ben
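
Added example, not code from this thread or from CAS: a Python sketch of turning group DNs in the format above into values for the AWS SAML Role attribute (role ARN, comma, SAML provider ARN), matching the whole DN so that only groups under ou=groups,o=data grant a role. Assumptions: the IAM role is named after the group suffix, the IAM SAML provider is called "cas" (hypothetical), and the account number is used exactly as it appears in the group name.

```python
import re

# Group DN layout taken from the post: cn=aws<account>-<role>,ou=groups,o=data
GROUP_DN = re.compile(r"cn=aws(?P<account>\d+)-(?P<role>[A-Za-z0-9_-]+),ou=groups,o=data")

ROLE_ATTRIBUTE = "https://aws.amazon.com/SAML/Attributes/Role"
SAML_PROVIDER = "cas"  # hypothetical IAM SAML provider name (assumption)


def aws_role_values(member_of, provider=SAML_PROVIDER):
    """Map LDAP group DNs to AWS Role attribute values.

    Returns (values, skipped). fullmatch() anchors both ends, so a DN that
    merely contains the pattern, or sits in another subtree, yields no role.
    """
    values, skipped = [], []
    for dn in member_of:
        m = GROUP_DN.fullmatch(dn.strip())
        if m is None:
            skipped.append(dn)
            continue
        account, role = m.group("account"), m.group("role")
        values.append(
            f"arn:aws:iam::{account}:role/{role},"
            f"arn:aws:iam::{account}:saml-provider/{provider}"
        )
    # De-duplicate and sort so the released attribute is stable between logins.
    return sorted(set(values)), skipped


# Constructed memberOf values: the two group DNs from the post, plus three
# that must not produce a role.
SAMPLE_MEMBER_OF = [
    "cn=aws8765309-administrator,ou=groups,o=data",
    "cn=aws8765309-read-only,ou=groups,o=data",
    "cn=staff,ou=groups,o=data",
    "cn=aws8765309-administrator,ou=people,o=data",
    "cn=aws8765309-administrator,ou=groups,o=data,o=elsewhere",
]

if __name__ == "__main__":
    values, skipped = aws_role_values(SAMPLE_MEMBER_OF)
    for value in values:
        print(ROLE_ATTRIBUTE, "=", value)
    for dn in skipped:
        print("ignored:", dn)
```
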
