Shibboleth OIDC and AWS Cognito
kwessel at illinois.edu
Tue Jul 2 17:04:27 EDT 2019
Has anyone attempted to use AWS Cognito as a client against a Shibboleth IdP with OIDC support? Our developers are trying this and running into an error that I've seen before with locally developed clients:
2019-07-02 15:49:08,600 - WARN [org.geant.idpextension.oidc.profile.impl.ValidateEndpointAuthentication:206] - Profile Action ValidateEndpointAuthentication: Unrecognized client authentication com.nimbusds.oauth2.sdk.auth.ClientSecretPost at 35f57c94 for client_secret_basic
The fix for the locally developed client was to use HTTP basic auth for the client authentication, but we don't seem to have that flexibility with Cognito. Does anyone know what combination of settings for a Cognito user pool or client configuration in Cognito land works with the Shib OIDC implementation?
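Added example, not part of the original post and not code from Shibboleth, the GEANT OIDC extension or AWS: the two client authentication methods named in the log line, built as RFC 6749 section 2.3.1 and OpenID Connect Core section 9 define them, plus a check that compares what a token request presents with the client's registered `token_endpoint_auth_method`. The function names are hypothetical, and the client ID, secret, code and redirect URI are constructed values.

```python
import base64
from urllib.parse import urlencode, parse_qs, quote_plus

def build_token_request(method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization-code token request."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_basic":
        # Credentials go in the Authorization header: each part is
        # form-urlencoded, joined with ':', then base64-encoded.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # Credentials go in the request body as ordinary form fields.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, urlencode(form)

def detect_auth_method(headers, body):
    """Classify how a token request authenticates the client."""
    has_basic = headers.get("Authorization", "").startswith("Basic ")
    has_post = "client_secret" in parse_qs(body)
    if has_basic and has_post:
        return "ambiguous"  # RFC 6749: a client must not use more than one method
    if has_basic:
        return "client_secret_basic"
    if has_post:
        return "client_secret_post"
    return "none"

def check_client_auth(registered_method, headers, body):
    """Return (ok, presented): does the request match the registered method?"""
    presented = detect_auth_method(headers, body)
    return presented == registered_method, presented

# Constructed sample values, not taken from any real deployment.
SAMPLE = dict(client_id="example-client", client_secret="p@ss word",
              code="constructed-code", redirect_uri="https://app.example/cb")

if __name__ == "__main__":
    for method in ("client_secret_post", "client_secret_basic"):
        headers, body = build_token_request(method, **SAMPLE)
        ok, presented = check_client_auth("client_secret_basic", headers, body)
        print(f"registered=client_secret_basic presented={presented} ok={ok}")
```
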