UpdateSAMLProvider - AWS Identity and Access Management

UpdateSAMLProvider

Updates the metadata document, SAML encryption settings, and private keys for an existing SAML provider. To rotate private keys, add your new private key and then remove the old key in a separate request.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

AddPrivateKey

Specifies the new private key from your external identity provider. The private key must be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to decrypt SAML assertions.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 16384.

Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+

Required: No

AssertionEncryptionMode

Specifies the encryption setting for the SAML provider.

Type: String

Valid Values: Required | Allowed

Required: No

RemovePrivateKey

The Key ID of the private key to remove.

Type: String

Length Constraints: Minimum length of 22. Maximum length of 64.

Pattern: [A-Z0-9]+

Required: No

SAMLMetadataDocument

An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your IdP.

Type: String

Length Constraints: Minimum length of 1000. Maximum length of 10000000.

Required: No

SAMLProviderArn

The Amazon Resource Name (ARN) of the SAML provider to update.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: Yes

Response Elements

The following element is returned by the service.

SAMLProviderArn

The Amazon Resource Name (ARN) of the SAML provider that was updated.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidInput

The request was rejected because an invalid or out-of-range value was supplied for an input parameter.

HTTP Status Code: 400

LimitExceeded

The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.

HTTP Status Code: 409

NoSuchEntity

The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.

HTTP Status Code: 404

ServiceFailure

The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500

Examples

Example

This example illustrates one usage of UpdateSAMLProvider.

Sample Request

https://iam.amazonaws.com/?Action=UpdateSAMLProvider &AssertionEncryptionMode=Required &AddPrivateKey &RemovePrivateKey=examplef-1308-c242-eba1-71fr267bcda3 &Name=arn:aws:iam::123456789012:saml-provider/MyUniversity &SAMLMetadataDocument=VGhpcyBpcyB3aGVyZSB5b3UgcHV0IHRoZSBTQU1MIHByb3ZpZGVyIG1ldGFkYXRhIGRvY3VtZW50 LCBCYXNlNjQtZW5jb2RlZCBpbnRvIGEgYmlnIHN0cmluZy4= &Version=2010-05-08 &AUTHPARAMS

Sample Response

<UpdateSAMLProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> <UpdateSAMLProviderResult> <SAMLProviderArn>arn:aws:iam::123456789012:saml-provider/MyUniversity</SAMLProviderArn> </UpdateSAMLProviderResult> <ResponseMetadata> <RequestId>29f47818-99f5-11e1-a4c3-27EXAMPLE804</RequestId> </ResponseMetadata> </UpdateSAMLProviderResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: