I should say too that the groups I created to identify and manage access in 
an LDAP directory are in the format:

cn=aws8765309-administrator,ou=groups,o=data
cn=aws8765309-read-only,ou=groups,o=data

When you look at the regex, this factors into the extraction.

On Monday, November 7, 2022 at 3:35:05 PM UTC-6 Andrew Marker wrote:

> I was on an early version of 6.x when I did this, so, it could perhaps be 
> updated but it is working.  If nothing else, just directly referencing the 
> metadata: https://signin.aws.amazon.com/static/saml-metadata.xml. 
>
> Keep in mind, CAS has some prebuilt libraries for specific SPs:  CAS - 
> SAML SP Integrations (apereo.github.io) 
> <https://apereo.github.io/cas/6.6.x/integration/Configuring-SAML-SP-Integrations.html>.
>  
> That is probably best practice.
>
>
> On Monday, November 7, 2022 at 3:23:15 PM UTC-6 bwin...@philasd.org wrote:
>
>> Hi all,
>>
>> Has anyone had success integrating an AWS Console as a SAML SP? We've 
>> been spinning our wheels on this for a couple weeks now, and are not really 
>> sure where to go from here. We're loosely following this:
>>
>>
>> https://aws.amazon.com/blogs/security/how-to-use-shibboleth-for-single-sign-on-to-the-aws-management-console/
>>
>> with the caveat that Shib is not CAS, of course, but that's about as 
>> close as the official AWS documentation has gotten. The only error message 
>> we've gotten back from Amazon is "Your request included an invalid SAML 
>> response", and the person we're integrating with (who has access to the AWS 
>> console) said he's not seeing any logs being generated at all for these 
>> failed requests.
>>
>> Any advice or experience anyone on here has had would be invaluable! 
>> Thanks!
>>
>> Ben
>>
>
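
The group-to-role extraction described in the top message, sketched as an added example (not code from the thread or from the CAS project). AWS reads the `https://aws.amazon.com/SAML/Attributes/Role` attribute as `role-arn,provider-arn` pairs; the regex, the provider name `cas-idp` and the sample membership list are assumptions built around the two group DNs shown in the message.

```python
import re

# Assumed DN layout, copied from the two sample groups in the message:
#   cn=aws<account>-<role>,ou=groups,o=data
GROUP_DN = re.compile(
    r"cn=aws(?P<account>\d+)-(?P<role>[A-Za-z0-9_-]+),ou=groups,o=data",
    re.IGNORECASE,
)

SAML_PROVIDER = "cas-idp"  # hypothetical IAM SAML provider name


def role_values(member_of, provider=SAML_PROVIDER):
    """Map LDAP group DNs to AWS SAML Role attribute values.

    fullmatch() anchors both ends, so only groups under ou=groups,o=data
    with the exact aws<account>-<role> naming produce a role.
    """
    values = []
    for dn in member_of:
        # Tolerate spaces after RDN separators ("cn=x, ou=groups, o=data").
        normalized = ",".join(part.strip() for part in dn.split(","))
        match = GROUP_DN.fullmatch(normalized)
        if match is None:
            continue  # not an AWS access group: contributes nothing
        account, role = match["account"], match["role"]
        value = (
            f"arn:aws:iam::{account}:role/{role},"
            f"arn:aws:iam::{account}:saml-provider/{provider}"
        )
        if value not in values:
            values.append(value)
    return values


# Constructed sample memberOf values; the first two use the format from the message.
SAMPLE_MEMBER_OF = [
    "cn=aws8765309-administrator,ou=groups,o=data",
    "cn=aws8765309-read-only, ou=groups, o=data",
    "cn=staff,ou=groups,o=data",                         # unrelated group
    "cn=aws8765309-administrator,ou=people,o=data",      # wrong container
    "cn=aws8765309-administrator,ou=groups,o=data,o=x",  # extra suffix
]

if __name__ == "__main__":
    for v in role_values(SAMPLE_MEMBER_OF):
        print(v)
```

Real AWS account IDs are 12 digits; `\d+` is used only so the thread's sample DNs match, and `\d{12}` is the tighter pattern for a live directory.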
