Shibboleth OIDC and AWS Cognito

Wessel, Keith kwessel at
Tue Jul 2 17:04:27 EDT 2019

Hi, all,

Has anyone attempted to use AWS Cognito as a client against a Shibboleth IdP with OIDC support? Our developers are trying this and running into an error that I've seen before with locally developed clients:
2019-07-02 15:49:08,600 - WARN [org.geant.idpextension.oidc.profile.impl.ValidateEndpointAuthentication:206] - Profile Action ValidateEndpointAuthentication: Unrecognized client authentication com.nimbusds.oauth2.sdk.auth.ClientSecretPost at 35f57c94 for client_secret_basic

The fix for the locally developed client was to use http basic auth for the client authentication, but we don't seem to have that flexability with Cognito. Does anyone know what combination of settings for a Cognito user pool or client configuration in Cognito land works with the Shib OIDC implementation?


More information about the users mailing list