[External] ShibV4-LdapCognito Issue

Domingues, Em michael-domingues at uiowa.edu
Fri Apr 24 15:47:56 EDT 2020


Since modern SAML is usually a front-channel protocol (that is, all communications between the IdP and the SP happen through browser redirects as opposed to server-to-server requests), if your browser isn't being redirected to your IdP after clicking the sign-in button, the issue lies with your AWS configuration. This list is dedicated to providing best-effort community support for the Shibboleth software components, so if the issue is on the AWS side, your best bet would be to work through their documentation and support channels.

You can confirm this by using your browser of choice's developer tools to see what HTTP requests are being issued.

If you *are* being redirected to your IdP successfully, but aren't seeing a login screen, then this is the right place, though once again, support on-list is entirely volunteer-based and best-effort.

Em


________________________________
From: users <users-bounces at shibboleth.net> on behalf of leosimon <leosimon at digital-nirvana.com>
Sent: Friday, April 24, 2020 1:25 PM
To: users at shibboleth.net <users at shibboleth.net>
Subject: Re: [External] ShibV4-LdapCognito Issue

Thank you for the reply.

I have uploaded the IdP metadata on the AWS Cognito config. The URL I
mentioned is: once the authentication with LDAP passes, it will redirect
to https://google.com (it can be anything).

It works this way:
I have to access the Cognito URL, which will be in the format

https://xxxxxxxx.auth.us-east-1.amazoncognito.com/login?response_type=token&client_id=xxxxxxxxxxx&redirect_uri=https://google.com
-- This will show a sign-in button, and once we click on that, it takes us to
the IdP's server URL
'https://example.com/idp/profile/SAML2/Redirect/SSO?execution=e1s1' with a
prompt for LDAP authentication.

*This step is not happening in V3.4.6 and V4*

With the same procedure, I got it working with Shib versions 2.4.1 and 3.2.1.
The issue I have mentioned is happening only from version 3.4.6, and in 4 as
well. I cannot find clearly from the documentation what to change and where
to make this work. It looks very complex to me.
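
Added example, not part of the original thread: the developer-tools check suggested in the reply can be scripted. Given a redirect URL copied from the browser's network tab, this Python example decodes the `SAMLRequest` parameter of the SAML HTTP-Redirect binding and reports where the AuthnRequest is addressed; the SP entity ID, ACS URL and sample request below are constructed placeholders, and `inspect_redirect` and `build_sample_redirect` are hypothetical names.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def inspect_redirect(url):
    """Return AuthnRequest details from an HTTP-Redirect binding URL,
    or None if the URL carries no SAMLRequest parameter."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    if "SAMLRequest" not in params:
        return None  # the browser was never sent on with a SAML request
    raw = base64.b64decode(params["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # binding uses raw DEFLATE, no zlib header
    root = ET.fromstring(xml)  # input is from your own browser session
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("SAMLRequest is not an AuthnRequest")
    return {
        "sent_to": f"{parts.scheme}://{parts.netloc}{parts.path}",
        "destination": root.get("Destination"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
    }


def build_sample_redirect():
    """Constructed sample of a working SP-to-IdP redirect (placeholder values)."""
    authn = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        'ID="_constructed1" Version="2.0" IssueInstant="2020-04-24T00:00:00Z" '
        'Destination="https://example.com/idp/profile/SAML2/Redirect/SSO" '
        'AssertionConsumerServiceURL="https://sp.example.org/saml2/idpresponse">'
        "<saml:Issuer>urn:example:sp</saml:Issuer></samlp:AuthnRequest>"
    )
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(authn.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://example.com/idp/profile/SAML2/Redirect/SSO?" + query


if __name__ == "__main__":
    print(inspect_redirect(build_sample_redirect()))
    # A URL that stayed on the SP side carries no SAMLRequest:
    print(inspect_redirect("https://sp.example.org/login?client_id=constructed"))
```

A `None` result for the URL the sign-in button leads to means no AuthnRequest was issued toward the IdP; a populated result whose `sent_to` and `destination` name the IdP's SSO endpoint means the redirect itself is working.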



