Getting Issue while configuring SSO for Amazon console access for AD users using ADFS

  • Question

  • Hi,

    I am configuring SSO for AD users to access the Amazon console (login) using ADFS. But after completing the configuration, I am getting the below error.

    Error : Your request include an Invalid SAML response.

    I have configured all the set-up on Windows Server 2012 R2. I have followed the steps mentioned in the blog below.

    https://aws.amazon.com/blogs/security/enabling-federation-to-aws-using-windows-active-directory-adfs-and-saml-2-0/

    I have created the below claim rules.

    1. Transform an Incoming Claim

    2. Send LDAP Attributes as Claims.

    3. Send Claims Using a Custom Rule

    4. Send Claims Using a Custom Rule

    The groups I have created in AD are AWS-Read and AWS-Admin, and the roles I have created in AWS have the same names.

    Thursday, January 4, 2018 3:09 AM

All replies

  • You should have ADFS-Read and ADFS-Admin Roles in AWS. You can use Fiddler or Developer tools to find out what your SAML token contains.
    Thursday, January 4, 2018 12:41 PM
  • Hello, look at the ADFS Admin logs and see if there are any errors, and post the details. You can also try using SAML tracer from Firefox to see if the claims are going through, to help determine where you should be looking to troubleshoot the issue: ADFS or AWS.

    Isaac Oben MCITP:EA, MCSE, MCC (View my MCP Certifications: https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard)

    Thursday, January 4, 2018 11:41 PM
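Both replies suggest capturing the SAMLResponse that ADFS posts to AWS (with Fiddler, browser developer tools or SAML tracer) and reading what it contains. The following added example, not part of the thread, is a small checker for that captured base64 value: it looks for the elements AWS requires for console federation (a NameID, the `urn:amazon:webservices` audience, the Role and RoleSessionName attributes, and well-formed "role ARN,provider ARN" pairs). The account number 123456789012, the provider name ADFS and the user names in `make_sample` are constructed placeholders, and the sample response it builds is unsigned, unlike a real ADFS token.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
AWS_AUDIENCE = "urn:amazon:webservices"


def check_aws_saml_response(b64_response):
    """Return a list of problems found in a base64 SAMLResponse (empty = nothing obvious)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plain <Assertion> element found in the response"]
    problems = []
    # Subject NameID: the blog's first claim rule maps the Windows account name here.
    if assertion.find("saml:Subject/saml:NameID", NS) is None:
        problems.append("Subject has no NameID (check the Name ID transform rule)")
    # The audience must be the fixed AWS relying-party identifier.
    aud = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or aud.text != AWS_AUDIENCE:
        problems.append("Audience is not %s" % AWS_AUDIENCE)
    attrs = {}
    for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
    if not attrs.get(SESSION_ATTR):
        problems.append("missing attribute %s" % SESSION_ATTR)
    roles = attrs.get(ROLE_ATTR, [])
    if not roles:
        problems.append("missing attribute %s (no AWS-* group matched?)" % ROLE_ATTR)
    for value in roles:
        # Each value must pair one IAM role ARN with one SAML provider ARN.
        parts = [p.strip() for p in value.split(",")]
        if (len(parts) != 2 or not any(":role/" in p for p in parts)
                or not any(":saml-provider/" in p for p in parts)):
            problems.append("malformed Role value: %r" % value)
    return problems


def make_sample(role_value, session_name="jdoe@example.com", audience=AWS_AUDIENCE):
    """Constructed, unsigned SAMLResponse for offline testing (a real one is signed by ADFS)."""
    session = ('<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue>'
               '</saml:Attribute>' % (SESSION_ATTR, session_name)) if session_name else ""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion>'
           '<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>'
           '<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>%s'
           '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue>'
           '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
           % (NS["samlp"], NS["saml"], audience, session, ROLE_ATTR, role_value))
    return base64.b64encode(xml.encode())
```

Paste the SAMLResponse value from the captured POST to https://signin.aws.amazon.com/saml into `check_aws_saml_response`; an empty list means the token's shape is fine and the problem is more likely on the AWS side (role or provider ARN not matching what exists in the account).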