UserPoolIdentityProviderSamlProps

class aws_cdk.aws_cognito.UserPoolIdentityProviderSamlProps(*, user_pool, attribute_mapping=None, metadata, encrypted_responses=None, identifiers=None, idp_initiated=None, idp_signout=None, name=None, request_signing_algorithm=None)

Bases: UserPoolIdentityProviderProps

Properties to initialize UserPoolIdentityProviderSaml.

Parameters:
  • user_pool (IUserPool) – The user pool to which this construct provides identities.

  • attribute_mapping (Union[AttributeMapping, Dict[str, Any], None]) – Mapping attributes from the identity provider to standard and custom attributes of the user pool. Default: - no attribute mapping

  • metadata (UserPoolIdentityProviderSamlMetadata) – The SAML metadata.

  • encrypted_responses (Optional[bool]) – Whether to require that the IdP encrypt its SAML assertions. Default: - false

  • identifiers (Optional[Sequence[str]]) – Identifiers (for example, the e-mail domains of the tenants that use this IdP) that Cognito uses to redirect users to the correct IdP in multi-tenant apps. Default: - no identifiers used

  • idp_initiated (Optional[bool]) – Whether to accept IdP-initiated SAML sign-in, that is, SAML responses the IdP sends without a preceding request from Cognito. Default: - false

  • idp_signout (Optional[bool]) – Whether to enable the “Sign-out flow” feature, so that signing out of the user pool also sends a logout request to the IdP. Default: - false

  • name (Optional[str]) – The name of the provider. Must be between 3 and 32 characters. Default: - the unique ID of the construct

  • request_signing_algorithm (Optional[SigningAlgorithm]) – The signing algorithm for SAML requests. Default: - don’t sign requests


Example:

from aws_cdk import Stack, aws_cognito as cognito
from constructs import Construct


class SamlIdpStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        userpool = cognito.UserPool(self, "Pool")

        # specify the metadata as file content: the argument is the XML text of the
        # IdP metadata document itself, not a path to a file
        cognito.UserPoolIdentityProviderSaml(self, "userpoolIdpFile",
            user_pool=userpool,
            metadata=cognito.UserPoolIdentityProviderSamlMetadata.file("my-file-contents"),
            # Require the IdP to encrypt its SAML assertions (by default plaintext assertions are accepted)
            encrypted_responses=True,
            # Sign the SAML requests Cognito sends to the IdP (by default requests are not signed)
            request_signing_algorithm=cognito.SigningAlgorithm.RSA_SHA256,
            # Accept IdP-initiated sign-in. Such responses answer no request Cognito sent, so
            # there is no InResponseTo to correlate; leave this off unless the flow is needed
            idp_initiated=True
        )

        # specify the metadata as a URL from which Cognito fetches the document
        cognito.UserPoolIdentityProviderSaml(self, "userpoolidpUrl",
            user_pool=userpool,
            metadata=cognito.UserPoolIdentityProviderSamlMetadata.url("https://my-metadata-url.com")
        )

Attributes

attribute_mapping

Mapping attributes from the identity provider to standard and custom attributes of the user pool.

Default:
  • no attribute mapping

encrypted_responses

Whether to require that the IdP encrypt its SAML assertions.

Default:
  • false

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html#cognito-user-pools-SAML-encryption

identifiers

Identifiers (for example, the e-mail domains of the tenants that use this IdP) that Cognito uses to redirect users to the correct IdP in multi-tenant apps.

Default:
  • no identifiers used

idp_initiated

Whether to accept IdP-initiated SAML sign-in, that is, SAML responses the IdP sends without a preceding request from Cognito.

Default:
  • false

idp_signout

Whether to enable the “Sign-out flow” feature, so that signing out of the user pool also sends a logout request to the IdP.

Default:
  • false

metadata

The SAML metadata.

name

The name of the provider.

Must be between 3 and 32 characters.

Default:
  • the unique ID of the construct

request_signing_algorithm

The signing algorithm for SAML requests.

Default:
  • don’t sign requests

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html#cognito-user-pools-SAML-signing

user_pool

The user pool to which this construct provides identities.