Creating and Managing a SAML Identity Provider for a User Pool (AWS CLI and AWS API)
Use the following commands to create and manage a SAML provider.
To create an identity provider and upload a metadata document
-
AWS CLI:
aws cognito-idp create-identity-providerExample with metadata file:
aws cognito-idp create-identity-provider --user-pool-id<user_pool_id>--provider-name=SAML_provider_1 --provider-type SAML --provider-details file:///details.json --attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressWhere
details.jsoncontains:{ "MetadataFile": "<SAML metadata XML>" }Note If the
<SAML metadata XML>contains any quotations ("), they must be escaped (\").Example with metadata URL:
aws cognito-idp create-identity-provider --user-pool-id<user_pool_id>--provider-name=SAML_provider_1 --provider-type SAML --provider-details MetadataURL=<metadata_url>--attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -
AWS API: CreateIdentityProvider
To upload a new metadata document for an identity provider
-
AWS CLI:
aws cognito-idp update-identity-providerExample with metadata file:
aws cognito-idp update-identity-provider --user-pool-id<user_pool_id>--provider-name=SAML_provider_1 --provider-details file:///details.json --attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressWhere
details.jsoncontains:{ "MetadataFile": "<SAML metadata XML>" }Note If the
<SAML metadata XML>contains any quotations ("), they must be escaped (\").Example with metadata URL:
aws cognito-idp update-identity-provider --user-pool-id<user_pool_id>--provider-name=SAML_provider_1 --provider-details MetadataURL=<metadata_url>--attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -
AWS API: UpdateIdentityProvider
To get information about a specific identity provider
-
AWS CLI:
aws cognito-idp describe-identity-provideraws cognito-idp describe-identity-provider --user-pool-id<user_pool_id>--provider-name=SAML_provider_1 -
AWS API: DescribeIdentityProvider
To list information about all identity providers
-
AWS CLI:
aws cognito-idp list-identity-providersExample:
aws cognito-idp list-identity-providers --user-pool-id<user_pool_id>--max-results 3 -
AWS API: ListIdentityProviders
To delete an IdP
-
AWS CLI:
aws cognito-idp delete-identity-provideraws cognito-idp delete-identity-provider --user-pool-id<user_pool_id>--provider-name=SAML_provider_1 -
AWS API: DeleteIdentityProvider
