2025-02-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how to use SAML2 to log in to the AWS China console.
The configuration for AWS China differs slightly from that of the international regions. This article describes how to configure login to the AWS China console using Authing as the SAML2 IdP.
Preparatory work
If you don't already have an Authing account, sign up for one (https://console.authing.cn), create a new user pool, and create an application.
Configure Authing SAML2 IdP
Go to Console > Apps > Apps list, find your app, and click "Configure".
Click "Configure SAML2 IdP", turn on the "Enable SAML2 Provider" switch, and fill in the default ACS address below: https://signin.amazonaws.cn/saml.
For settings, please paste the following:
{
  "audience": "https://signin.amazonaws.cn/saml",
  "recipient": "https://signin.amazonaws.cn/saml",
  "destination": "https://signin.amazonaws.cn/saml",
  "mappings": {
    "email": "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
  },
  "digestAlgorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
  "signatureAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
  "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
  "lifetimeInSeconds": 3600,
  "signResponse": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "samlRequestSigningCert": ""
}
Add a custom SAML Response attribute at the bottom. Set Name to https://aws.amazon.com/SAML/Attributes/Role, select Uri as the type, and fill in the value in this format: arn:aws-cn:iam:::role/,arn:aws-cn:iam:::saml-provider/. Click Save.
Feel free to fill in the above, and, and then modify it after you have configured the AWS IAM console.
Finally, download the metadata document for SAML2 Identity Provider:
https://core.authing.cn/api/v2/saml-idp/ / metadata
Configure the AWS IAM console
Log in to the AWS IAM console, go to Access Management > Identity providers, and click "Create provider".
Select SAML, fill in the provider name, upload the metadata document you just downloaded, and then click Next.
Click Create.
After the provider is created, go to Access Management > Roles and click "Create role".
Select SAML 2.0 identity federation, choose the SAML provider you just created (Authing in this example), select "Allow programmatic access and AWS Management Console access", and then click Next.
Grant permissions to the role. This article selects the highest permission, AdministratorAccess. Then click "Next".
Click "Next".
Fill in a role name, record the identity provider ARN shown below, and then click Create role.
Find the role you just created in the roles list and click it to view its details.
Record the role ARN.
Go back to the Authing console, fill in the correct role ARN and identity provider ARN in the custom SAML Response attribute of the Authing SAML2 IdP, and click Save.
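Before saving, the Role attribute value and the settings JSON can be checked for the mistakes specific to AWS China (wrong partition, wrong sign-in endpoint, unfilled ARNs). The following is an added example, not part of the original article or of Authing's or AWS's tooling; the function names, account ID, role name and provider name are constructed for illustration.

```python
import re

# Values taken from the page; everything else below is constructed for illustration.
ACS = "https://signin.amazonaws.cn/saml"
SESSION_NAME = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
ARN = re.compile(r"arn:(aws(?:-[a-z-]+)?):iam::(\d{12}):(role|saml-provider)/[\w+=,.@/-]+")


def check_role_attribute(value):
    """Return problems found in a Role attribute value (two comma-separated ARNs)."""
    # Split only on a comma that starts the next ARN, since IAM names may contain commas.
    parts = [p.strip() for p in re.split(r",(?=\s*arn:)", value)]
    if len(parts) != 2:
        return ["expected a role ARN and a saml-provider ARN separated by a comma"]
    problems, kinds = [], set()
    for part in parts:
        m = ARN.fullmatch(part)
        if not m:
            problems.append(f"not a complete IAM ARN: {part!r}")
            continue
        kinds.add(m.group(3))
        if m.group(1) != "aws-cn":
            problems.append(f"{part!r} uses partition {m.group(1)!r}, not 'aws-cn'")
    if not problems and kinds != {"role", "saml-provider"}:
        problems.append("need one role ARN and one saml-provider ARN")
    return problems


def check_settings(settings):
    """Return problems found in the IdP settings JSON for the AWS China endpoint."""
    problems = [f"{key} must be {ACS}"
                for key in ("audience", "recipient", "destination")
                if settings.get(key) != ACS]
    if SESSION_NAME not in settings.get("mappings", {}).values():
        problems.append("no user field is mapped to RoleSessionName")
    return problems


# Constructed sample values: account ID, role name and provider name are placeholders.
GOOD = "arn:aws-cn:iam::123456789012:role/AuthingSSO,arn:aws-cn:iam::123456789012:saml-provider/Authing"
WRONG_PARTITION = GOOD.replace("arn:aws-cn:", "arn:aws:")
UNFILLED = "arn:aws-cn:iam:::role/,arn:aws-cn:iam:::saml-provider/"

if __name__ == "__main__":
    for sample in (GOOD, WRONG_PARTITION, UNFILLED):
        print(check_role_attribute(sample) or "ok")
```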
Test connection
In a browser, visit: https://core.authing.cn/api/v2/saml-idp/
Choose a login method.
After a successful login, you are redirected to the AWS console.
© 2024 shulou.com SLNews company. All rights reserved.