interface UserPoolIdentityProviderSamlProps
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.Cognito.UserPoolIdentityProviderSamlProps |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awscognito#UserPoolIdentityProviderSamlProps |
| Java | software.amazon.awscdk.services.cognito.UserPoolIdentityProviderSamlProps |
| Python | aws_cdk.aws_cognito.UserPoolIdentityProviderSamlProps |
| TypeScript (source) | aws-cdk-lib » aws_cognito » UserPoolIdentityProviderSamlProps |
Properties to initialize UserPoolIdentityProviderSaml.
Example
```ts
const userpool = new cognito.UserPool(this, 'Pool');

// specify the metadata as a file content
new cognito.UserPoolIdentityProviderSaml(this, 'userpoolIdpFile', {
  userPool: userpool,
  metadata: cognito.UserPoolIdentityProviderSamlMetadata.file('my-file-contents'),
  // Whether to require encrypted SAML assertions from IdP
  encryptedResponses: true,
  // The signing algorithm for the SAML requests
  requestSigningAlgorithm: cognito.SigningAlgorithm.RSA_SHA256,
  // Enable IdP initiated SAML auth flow
  idpInitiated: true,
});

// specify the metadata as a URL
new cognito.UserPoolIdentityProviderSaml(this, 'userpoolidpUrl', {
  userPool: userpool,
  metadata: cognito.UserPoolIdentityProviderSamlMetadata.url('https://my-metadata-url.com'),
});
```
Properties
| Name | Type | Description |
|---|---|---|
| metadata | UserPoolIdentityProviderSamlMetadata | The SAML metadata. |
| userPool | IUserPool | The user pool to which this construct provides identities. |
| attributeMapping? | AttributeMapping | Mapping attributes from the identity provider to standard and custom attributes of the user pool. |
| encryptedResponses? | boolean | Whether to require encrypted SAML assertions from IdP. |
| identifiers? | string[] | Identifiers. |
| idpInitiated? | boolean | Whether to enable IdP-initiated SAML auth flows. |
| idpSignout? | boolean | Whether to enable the "Sign-out flow" feature. |
| name? | string | The name of the provider. |
| requestSigningAlgorithm? | SigningAlgorithm | The signing algorithm for SAML requests. |
metadata
Type: UserPoolIdentityProviderSamlMetadata
The SAML metadata.

userPool
Type: IUserPool
The user pool to which this construct provides identities.

attributeMapping?
Type: AttributeMapping (optional, default: no attribute mapping)
Mapping attributes from the identity provider to standard and custom attributes of the user pool.

encryptedResponses?
Type: boolean (optional, default: false)
Whether to require encrypted SAML assertions from IdP.

identifiers?
Type: string[] (optional, default: no identifiers used)
Identifiers.
Identifiers can be used to redirect users to the correct IdP in multitenant apps.

idpInitiated?
Type: boolean (optional, default: false)
Whether to enable IdP-initiated SAML auth flows.

idpSignout?
Type: boolean (optional, default: false)
Whether to enable the "Sign-out flow" feature.

name?
Type: string (optional, default: the unique ID of the construct)
The name of the provider.
Must be between 3 and 32 characters.

requestSigningAlgorithm?
Type: SigningAlgorithm (optional, default: don't sign requests)
The signing algorithm for SAML requests.
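
A pre-synthesis check over the defaults documented above, as an added example (not part of the CDK documentation or of aws-cdk-lib). `SamlIdpSettings` and `auditSamlIdp` are hypothetical names that mirror the documented property names locally, and the signing-algorithm string is a constructed stand-in for `cognito.SigningAlgorithm`.

```typescript
// Local mirror of the documented property names (assumption: not imported from aws-cdk-lib).
interface SamlIdpSettings {
  name?: string;
  encryptedResponses?: boolean;
  requestSigningAlgorithm?: string; // stand-in for cognito.SigningAlgorithm; undefined = unsigned
  idpInitiated?: boolean;
}

type Severity = 'error' | 'warn';
interface Finding { severity: Severity; prop: string; message: string; }

// Hypothetical helper: flags the documented name-length rule and every
// security-relevant setting that is left at (or moved off) its documented default.
function auditSamlIdp(s: SamlIdpSettings): Finding[] {
  const out: Finding[] = [];
  const add = (severity: Severity, prop: string, message: string): void => {
    out.push({ severity, prop, message });
  };

  if (s.name !== undefined && (s.name.length < 3 || s.name.length > 32)) {
    add('error', 'name', `length ${s.name.length} is outside the documented 3-32 range`);
  }
  if (s.encryptedResponses !== true) {
    add('warn', 'encryptedResponses', 'encrypted assertions are not required (default: false)');
  }
  if (s.requestSigningAlgorithm === undefined) {
    add('warn', 'requestSigningAlgorithm', 'SAML requests are not signed (default)');
  }
  if (s.idpInitiated === true) {
    add('warn', 'idpInitiated', 'IdP-initiated flow is enabled (default: false); confirm it is needed');
  }
  return out;
}

// Constructed sample inputs: one relying on defaults, one with both protections set.
const defaultsOnly: SamlIdpSettings = { name: 'corp-idp' };
const hardened: SamlIdpSettings = {
  name: 'corp-idp',
  encryptedResponses: true,
  requestSigningAlgorithm: 'RSA_SHA256',
};

for (const f of auditSamlIdp(defaultsOnly)) {
  console.log(`${f.severity} ${f.prop}: ${f.message}`);
}
console.log(`hardened findings: ${auditSamlIdp(hardened).length}`);
```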
