Shibboleth OIDC and AWS Cognito
Liam Hoekenga
liamr at umich.edu
Tue Jul 2 18:13:14 EDT 2019
You can tell the IDP to use client_secret_post by adding this to the
metadata for the given SP...
"token_endpoint_auth_method":"client_secret_post"
Liam
On Tue, Jul 2, 2019 at 4:04 PM Wessel, Keith <kwessel at illinois.edu> wrote:
> Hi, all,
>
> Has anyone attempted to use AWS Cognito as a client against a Shibboleth
> IdP with OIDC support? Our developers are trying this and running into an
> error that I've seen before with locally developed clients:
> 2019-07-02 15:49:08,600 - WARN
> [org.geant.idpextension.oidc.profile.impl.ValidateEndpointAuthentication:206]
> - Profile Action ValidateEndpointAuthentication: Unrecognized client
> authentication com.nimbusds.oauth2.sdk.auth.ClientSecretPost@35f57c94 for
> client_secret_basic
>
> The fix for the locally developed client was to use HTTP basic auth for
> the client authentication, but we don't seem to have that flexibility with
> Cognito. Does anyone know what combination of settings for a Cognito user
> pool or client configuration in Cognito land works with the Shib OIDC
> implementation?
>
> Thanks,
> Keith
>
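Added example, not part of the thread and not Shibboleth or Cognito code: how client_secret_basic and client_secret_post differ on the wire, and why a token request using client_secret_post is refused until the client's metadata names that method. The client id, secret, authorization code and all function names are constructed for illustration; treating a missing token_endpoint_auth_method as client_secret_basic follows the OIDC client registration default.

```python
import base64
from urllib.parse import urlencode, parse_qs, quote_plus

# Constructed sample values, not taken from the thread.
CLIENT_ID = "example-client"
CLIENT_SECRET = "example-secret"
GRANT = {"grant_type": "authorization_code", "code": "constructed-code"}

def build_token_request(method):
    """Return (headers, body) for a token request using the given method."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = dict(GRANT)
    if method == "client_secret_basic":
        # Credentials are form-encoded, joined with ':' and sent as HTTP Basic.
        pair = f"{quote_plus(CLIENT_ID)}:{quote_plus(CLIENT_SECRET)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # Credentials travel in the request body instead of a header.
        params.update(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, urlencode(params)

def detect_method(headers, body):
    """Classify which client authentication method a request used."""
    has_basic = headers.get("Authorization", "").startswith("Basic ")
    has_post = "client_secret" in parse_qs(body)
    if has_basic and has_post:
        return "multiple"  # a client must not use more than one method per request
    if has_basic:
        return "client_secret_basic"
    if has_post:
        return "client_secret_post"
    return "none"

def validate(metadata, headers, body):
    """Accept the request only if it uses the method registered for the client."""
    # Assumption: an omitted key means client_secret_basic (registration default).
    registered = metadata.get("token_endpoint_auth_method", "client_secret_basic")
    used = detect_method(headers, body)
    return used == registered, used, registered
```

The enforcement stays strict in both cases: the correction is to register the method the client actually sends, not to accept any method.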