
I am calling AssumeRoleWithSAMLAsync using AmazonSecurityTokenServiceClient. While creating the client object it is mandatory to configure credentials, whereas my intention is to create temporary credentials using AssumeRoleWithSAML.

The documentation of AWS STS service says that AssumeRoleWithSaml doesn't require credentials but client constructor requires credentials.

I also tried calling the API directly with the following parameters:

https://sts.amazonaws.com/?Version=2011-06-15&Action=AssumeRoleWithSAML&RoleArn=arn:aws:iam::xxx:role/xxx&DurationSeconds=900&PrincipalArn=arn:aws:iam::xxx:saml-provider/adfs&SAMLAssertion=base64 encoded SAML token

But this also throws the error `<Code>InvalidIdentityToken</Code> <Message>Invalid base64 SAMLResponse (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlInvalidSamlResponseException; Request ID: xx-xxxx-xxx)</Message>`. When I configure credentials, I am able to create temporary credentials. Hence I am sure my SAML token is correct.

Can anyone let me know how to call AssumeRoleWithSAML from Postman? Or how can I call it via code without instantiating a client?

It seems to me a chicken and egg problem.

Rohit

1 Answer


You can use the AnonymousAWSCredentials class to create credentials that can be used by the client while exchanging the SAML token for your temporary role credentials.
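The pattern the answer describes, written out as an added example (not code from the original question or answer, and not from the AWS SDK documentation): the STS client is constructed with `AnonymousAWSCredentials`, and the SAML assertion alone authenticates the `AssumeRoleWithSAML` call. The role ARN, provider ARN and region are placeholder assumptions to be replaced with your own; the SAMLResponse value is assumed to be the base64 string your IdP posts to the ACS endpoint (for ADFS, the `SAMLResponse` form field), read from a file here so the sample is self-contained.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

public static class SamlRoleExchange
{
    // Placeholder ARNs (constructed for this example); replace with the role and
    // SAML provider configured in your account.
    private const string RoleArn = "arn:aws:iam::123456789012:role/EXAMPLE-ROLE";
    private const string PrincipalArn = "arn:aws:iam::123456789012:saml-provider/EXAMPLE-PROVIDER";

    // Exchanges a base64-encoded SAMLResponse for temporary role credentials.
    // No long-lived access keys are needed: AssumeRoleWithSAML is an unsigned
    // operation, so the client is built with AnonymousAWSCredentials.
    public static async Task<Credentials> ExchangeAsync(string samlResponseBase64)
    {
        // Local check that mirrors the "Invalid base64 SAMLResponse" error from STS:
        // fail early if the value is not valid base64 (e.g. it was URL-decoded
        // incorrectly or whitespace was introduced when copying it).
        try
        {
            Convert.FromBase64String(samlResponseBase64);
        }
        catch (FormatException e)
        {
            throw new ArgumentException("SAMLResponse is not valid base64", nameof(samlResponseBase64), e);
        }

        using var sts = new AmazonSecurityTokenServiceClient(
            new AnonymousAWSCredentials(),
            RegionEndpoint.USEast1); // region is an assumption; pick the STS endpoint you use

        var request = new AssumeRoleWithSAMLRequest
        {
            RoleArn = RoleArn,
            PrincipalArn = PrincipalArn,
            SAMLAssertion = samlResponseBase64, // already base64, do not encode it again
            DurationSeconds = 900               // shortest session STS allows; raise only if needed
        };

        AssumeRoleWithSAMLResponse response = await sts.AssumeRoleWithSAMLAsync(request);
        return response.Credentials;
    }

    public static async Task Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: SamlRoleExchange <file containing base64 SAMLResponse>");
            return;
        }

        string samlResponseBase64 = File.ReadAllText(args[0]).Trim();
        Credentials creds = await ExchangeAsync(samlResponseBase64);

        // Wrap the temporary credentials for use with any other service client.
        var sessionCreds = new SessionAWSCredentials(
            creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);

        // Log only the expiry, never the secret key or session token.
        Console.WriteLine($"Temporary credentials obtained; they expire at {creds.Expiration:u}");
        Console.WriteLine($"Use them via: new AmazonS3Client(sessionCreds, region) etc. (type: {sessionCreds.GetType().Name})");
    }
}
```

Two points worth keeping in mind when this is called through the SDK rather than a hand-built query string: the SDK percent-encodes the request for you, so the `SAMLAssertion` value is passed exactly as the IdP produced it, while a raw base64 value pasted into a URL contains `+`, `/` and `=` characters that must be URL-encoded or the service will see a corrupted token. The returned credentials are scoped to the role's policy and to the requested `DurationSeconds`, so keep the duration as short as the workload tolerates and treat the session token as a secret.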