AWS identity provider integration
-
Can I point AWS identity provider to fusionauth? Curious if there are any docs on this if its possible. I assume it will be SAML? Looks like OpenID is an option as well?
Thanks,
Cory
-
I was able to get the integration to work by setting Authorized redirect URLs to localhost:35001 per the aws vpn client documentation.
-
@cnsmith I haven't done this integration myself, but if AWS supports SAML or OIDC, it should work. You might give it a go and share more details of any issues you are running into. Please let us know what you find!
-
I was able to setup fusionauth as an AWS IdP. When AWS Client VPN tries to connect it redirects to fusionauth login, but throws this error. Any suggestions?
{
"code" : "Requester",
"message" : "The AuthnRequest contained an invalid issuer [urn:amazon:webservices:clientvpn] that does not map to an Application in FusionAuth"
}I would expect fusionauth to issue a login page where the user would login which would then grant access to the VPN.
-
@cnsmith Have you turned on debug logging? If you do that and check the Event Log (System -> Event Log) that might provide additional details.
-
@dan I do have debugging on but Im not seeing anything in the logs.
-
@dan I was able to fix that error by making the entity ID
urn:amazon:webservices:clientvpn. Seems obvious now. -
Fusionauth prompts the client for their username and password. Upon logging in it redirects me back to the base URL
https://auth.<company>.comwhich throws a 405 status code. Error pasted below. I updated my cors to allow post methods and a bunch of headers as well as that url. Any suggestions?This page isn’t workingIf the problem continues, contact the site owner.
HTTP ERROR 405 -
Proxy logs shows the 405 and &userState=AuthenticatedRegistrationNotVerified
-
I was able to get the integration to work by setting Authorized redirect URLs to localhost:35001 per the aws vpn client documentation.
-
C cnsmith has marked this topic as solved on
-
@cnsmith Did you get everything working or are there still issues?
-
Since the original post is from two years ago, it's important to consider that the technology landscape and integration options may have evolved since then.
