UpdateSAMLProvider
Updates the metadata document, SAML encryption settings, and private keys for an existing SAML provider. To rotate private keys, add your new private key and then remove the old key in a separate request.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- AddPrivateKey
-
Specifies the new private key from your external identity provider. The private key must be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to decrypt SAML assertions.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 16384.
Pattern:
[\u0009\u000A\u000D\u0020-\u00FF]+
Required: No
- AssertionEncryptionMode
-
Specifies the encryption setting for the SAML provider.
Type: String
Valid Values:
Required | Allowed
Required: No
- RemovePrivateKey
-
The Key ID of the private key to remove.
Type: String
Length Constraints: Minimum length of 22. Maximum length of 64.
Pattern:
[A-Z0-9]+
Required: No
- SAMLMetadataDocument
-
An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your IdP.
Type: String
Length Constraints: Minimum length of 1000. Maximum length of 10000000.
Required: No
- SAMLProviderArn
-
The Amazon Resource Name (ARN) of the SAML provider to update.
For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon General Reference.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: Yes
Response Elements
The following element is returned by the service.
- SAMLProviderArn
-
The Amazon Resource Name (ARN) of the SAML provider that was updated.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidInput
-
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
- LimitExceeded
-
The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.
HTTP Status Code: 409
- NoSuchEntity
-
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
- ServiceFailure
-
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of UpdateSAMLProvider.
Sample Request
https://iam.amazonaws.com/?Action=UpdateSAMLProvider
&AssertionEncryptionMode=Required
&AddPrivateKey
&RemovePrivateKey=examplef-1308-c242-eba1-71fr267bcda3
&Name=arn:aws:iam::123456789012:saml-provider/MyUniversity
&SAMLMetadataDocument=VGhpcyBpcyB3aGVyZSB5b3UgcHV0IHRoZSBTQU1MIHByb3ZpZGVyIG1ldGFkYXRhIGRvY3VtZW50
LCBCYXNlNjQtZW5jb2RlZCBpbnRvIGEgYmlnIHN0cmluZy4=
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<UpdateSAMLProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<UpdateSAMLProviderResult>
<SAMLProviderArn>arn:aws:iam::123456789012:saml-provider/MyUniversity</SAMLProviderArn>
</UpdateSAMLProviderResult>
<ResponseMetadata>
<RequestId>29f47818-99f5-11e1-a4c3-27EXAMPLE804</RequestId>
</ResponseMetadata>
</UpdateSAMLProviderResponse>
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: