AW: AW: AW: Programmatically get Assertion for 3rd party resources

Kevin Flückiger kevin.flueckiger at
Thu May 21 05:33:11 EDT 2015

>When you describe it that way, that sounds like the canonical use case for SAML delegation, described here:

Thanks for your input Bret. I agree with you, the way I understand my problem really sounds like the SAML delegation use case. If I was under control of the AWS SP I would take this route.

>However, in your initial description it  sounded like the AWS consumer wasn't exactly an SP implementing the Web >Browser SSO Profile.  If it wants you to obtain (somehow, in an unspecified way) an Assertion targeted to it and then >pass it in a proprietary API call, etc, to establish a session or security context, then that's not really something defined by >an existing common SAML profile, as far as I know.

I believe AWS in fact wants me to go the unsupported way since it is exactly documented like the unsupported way you describe. See:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list