using SAML in AWS Lambda

Carl Waldbieser waldbiec at lafayette.edu
Thu Jun 10 23:05:43 UTC 2021 

Phil,

I've set up a Cognito user pool and configured our Shib IdP to authenticate
users to it. I don't know if it is practical/possible to accept
authentications from the dynamic set of IdPs in the InCommon Federation.  I
know you can set up specific bilateral relationships between the user pool
and SAML IdPs, so if you have a reasonable number of IdPs you want to do
business with, it is probably an option.  The first 50 active users a month
covered in the free tier. Each federated user beyond that is $0.015 USD, so
150 users would be $1.50.

Thanks,
Carl Waldbieser
ITS
Lafayette College

On Thu, Jun 10, 2021 at 2:49 PM Phil Tracy <ptracy at northwestern.edu> wrote:

> Hello,
>
>
>
> I’m passing this along from a developer colleague. If any of you have
> related experience and are willing to share, he’d very much appreciate
> talking with you - I can put you in touch. Since most/all of his partner
> schools are part of InCommon, I think SAML federation is an ideal solution
> for this application. The piece I don’t know how to advise him on is
> getting a SAML SP-like widget in front of the AWS Lambda stuff. Thanks!
>
>
>
>
>
> We're developing a new application. Most of our users are part of
> Northwestern, but we occasionally need to collaborate with faculty members
> from other nearby universities, so they need to log in.
>
> The app is written in PHP and being deployed on AWS Lambda w/ API Gateway
> serving as the "web server". For Northwestern logins, we're using Azure
> AD's OAuth2 APIs and a PHP library to process the callback.
>
> I need to figure out the simplest way of permitting SAML logins from other
> universities. (From there, the app can do authorization -- it'll already
> know who has been invited to collaborate on a project.)
>
>
>
> --
>
> Phil Tracy
>
> Lead Developer
>
> Northwestern IT, Identity Services
>
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210610/5c02737d/attachment.htm>

More information about the users mailing list