MFA and AWS SAML authentication

Cantor, Scott cantor.2 at
Wed May 17 17:52:13 EDT 2017

On 5/17/17, 5:48 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> Our AWS admins asked if I could turn on forced MFA into AWS for specific users. I did this, and AWS didn't like it. Turns out, if you
> send an authn context other than urn:oasis:names:tc:SAML:2.0:classes:ac:password to AWS with your assertion, they reject it.

Hmm, no, they don't, we're doing that.

So...dunno but it's been fine here.

-- Scott

More information about the users mailing list