
I am not able to understand how to get the SAMLAssertion token to pass as one of the parameters to the STS method assumeRoleWithSAML.

Please help me understand this, as I have already gone through the docs for assumeRoleWithSAML.

Code fragment that I am using:

// aws-sdk v2; credentials and region come from the environment as usual
var AWS = require('aws-sdk');

var params = {
  // Must be the ARN of the IAM SAML provider the assertion was issued for, not an IAM user ARN
  PrincipalArn: 'arn:aws:iam::12345678910:user/userAccount',
  RoleArn: 'arn:aws:iam::12345678910:role/admin',
  // Placeholder value; STS expects the base64-encoded SAMLResponse produced by the IdP
  SAMLAssertion: 'a4FameaC4Twkfjhsadkfjhsfkhsdfsdhafislahsdfaiughdiguhdfiughdfiughdagiuhdafgiusfhdaiiiilholfjpwfmwpefmo;ivnjeiuvneinveiovnA==',
};

var stsPromise = new AWS.STS({ apiVersion: '2011-06-15' }).assumeRoleWithSAML(params).promise();

It says:

'Invalid base64 SAMLResponse (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlInvalidSamlResponseException; Request ID: b38250b8-39dc-4188-9bdd-a69c102a5168)'

Please help me understand what value should be passed for SAMLAssertion. Is there any other AWS service that I can call to get it?

  • You need a SAML-capable SSO service to generate SAML assertions. If you don't have one, you most likely have no need to call `assumeRoleWithSAML`. – Robby Cornelissen Jul 08 '19 at 04:34
  • Could you please tell me about SAML-capable SSO service? I am kind of very new to AWS. Do you mean to say, I have to use Okta or Auth0? – Surya Jul 08 '19 at 04:38
  • Yup. Something like that. The SAML spec itself is hundreds of pages, so I'm afraid I won't be able to summarize that for you in a few lines. Wikipedia is a good place to start. – Robby Cornelissen Jul 08 '19 at 04:39
  • There are plenty of other ways to authenticate to AWS, so if you don't need SAML, best to steer clear of it. – Robby Cornelissen Jul 08 '19 at 04:40
  • Alright. Thanks @RobbyCornelissen. I will try to implement something – Surya Jul 08 '19 at 04:45
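The comments above say the assertion has to come from a SAML identity provider, which is correct: the SAMLAssertion parameter is the base64-encoded SAMLResponse that the IdP posts to https://signin.aws.amazon.com/saml after a successful login, and both RoleArn and PrincipalArn are read from the https://aws.amazon.com/SAML/Attributes/Role attribute inside that assertion (each value is "roleArn,providerArn"). The following is an added example, not code from the question or its comments: it takes such a base64 SAMLResponse, rejects input that is not strict base64 (the failure mode in the question), extracts the role/provider pairs and builds the AssumeRoleWithSAML parameters. The XML document, the account ID 12345678910, the role names and the provider name ExampleIdP are constructed for illustration and the response carries no real signature; the STS call is left in a function that accepts an injected client so the rest runs with Node built-ins only.

```javascript
'use strict';

const SAML_ROLE_ATTR = 'https://aws.amazon.com/SAML/Attributes/Role';

// Constructed, unsigned SAMLResponse for illustration. A real one is signed by the IdP
// and STS verifies that signature against the IAM SAML provider named in PrincipalArn.
const sampleResponseXml = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://signin.aws.amazon.com/saml">
  <saml:Assertion>
    <saml:Subject><saml:NameID>surya@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <saml:AttributeValue>arn:aws:iam::12345678910:role/admin,arn:aws:iam::12345678910:saml-provider/ExampleIdP</saml:AttributeValue>
        <saml:AttributeValue>arn:aws:iam::12345678910:role/readonly,arn:aws:iam::12345678910:saml-provider/ExampleIdP</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
        <saml:AttributeValue>surya</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>`;

// This is the shape of the value an IdP puts in the SAMLResponse form field.
const sampleSamlResponseB64 = Buffer.from(sampleResponseXml, 'utf8').toString('base64');

// Strict base64 check. Buffer.from(s, 'base64') silently skips invalid characters,
// so validate before decoding rather than discovering the problem at STS.
function isStrictBase64(s) {
  return typeof s === 'string' && s.length % 4 === 0 && /^[A-Za-z0-9+/]*={0,2}$/.test(s);
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Decode the SAMLResponse and return every { roleArn, providerArn } pair in its Role attribute.
function listSamlRoles(samlResponseB64) {
  if (!isStrictBase64(samlResponseB64)) {
    throw new Error('SAMLResponse is not valid base64');
  }
  const xml = Buffer.from(samlResponseB64, 'base64').toString('utf8');
  if (!/<(\w+:)?Assertion[\s>]/.test(xml)) {
    throw new Error('decoded SAMLResponse contains no Assertion element');
  }
  const attrRe = new RegExp(
    '<(\\w+:)?Attribute\\s+Name="' + escapeRegExp(SAML_ROLE_ATTR) + '"[^>]*>([\\s\\S]*?)</(\\w+:)?Attribute>'
  );
  const m = attrRe.exec(xml);
  if (!m) {
    throw new Error('assertion lacks the ' + SAML_ROLE_ATTR + ' attribute');
  }
  const roles = [];
  const valueRe = /<(\w+:)?AttributeValue[^>]*>([\s\S]*?)<\/(\w+:)?AttributeValue>/g;
  let v;
  while ((v = valueRe.exec(m[2])) !== null) {
    const [roleArn, providerArn] = v[2].trim().split(',').map((part) => part.trim());
    if (!roleArn || !providerArn) {
      throw new Error('malformed Role attribute value: ' + v[2]);
    }
    roles.push({ roleArn, providerArn });
  }
  return roles;
}

// Build the AssumeRoleWithSAML input. RoleArn and PrincipalArn come from the assertion
// itself; SAMLAssertion is the base64 SAMLResponse exactly as received from the IdP.
function buildAssumeRoleWithSamlParams(samlResponseB64, wantedRoleArn) {
  const roles = listSamlRoles(samlResponseB64);
  const chosen = wantedRoleArn ? roles.find((r) => r.roleArn === wantedRoleArn) : roles[0];
  if (!chosen) {
    throw new Error('assertion does not grant ' + wantedRoleArn);
  }
  return {
    RoleArn: chosen.roleArn,
    PrincipalArn: chosen.providerArn, // IAM SAML provider ARN, never an IAM user ARN
    SAMLAssertion: samlResponseB64,
    DurationSeconds: 3600,
  };
}

// Hand the parameters to an injected STS client (new AWS.STS(...) from aws-sdk v2 in the
// question). No credentials are needed for this call; the assertion is the credential.
function assumeRoleWithSaml(sts, samlResponseB64, wantedRoleArn) {
  return sts.assumeRoleWithSAML(buildAssumeRoleWithSamlParams(samlResponseB64, wantedRoleArn)).promise();
}
```

Usage: `assumeRoleWithSaml(new AWS.STS({ apiVersion: '2011-06-15' }), samlResponseB64, 'arn:aws:iam::12345678910:role/admin')` resolves to temporary credentials once a real, signed SAMLResponse from a provider registered in IAM is supplied; the value in the question is rejected by isStrictBase64 for the same reason STS rejected it.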

0 Answers