Creating and managing a SAML identity provider for a user pool (AWS CLI and AWS API)
Use the following commands to create and manage a SAML identity provider (IdP).
To create an IdP and upload a metadata document
-
AWS CLI:
aws cognito-idp create-identity-provider
Example with metadata file:
aws cognito-idp create-identity-provider --user-pool-id
<user_pool_id>
--provider-name=SAML_provider_1 --provider-type SAML --provider-details file:///details.json --attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressWhere
details.json
contains:{ "MetadataFile": "
<SAML metadata XML>
" }Note If the
<SAML metadata XML>
contains any quotations ("
), they must be escaped (\"
).Example with metadata URL:
aws cognito-idp create-identity-provider --user-pool-id
<user_pool_id>
--provider-name=SAML_provider_1 --provider-type SAML --provider-details MetadataURL=<metadata_url>
--attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -
AWS API: CreateIdentityProvider
To upload a new metadata document for an IdP
-
AWS CLI:
aws cognito-idp update-identity-provider
Example with metadata file:
aws cognito-idp update-identity-provider --user-pool-id
<user_pool_id>
--provider-name=SAML_provider_1 --provider-details file:///details.json --attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressWhere
details.json
contains:{ "MetadataFile": "
<SAML metadata XML>
" }Note If the
<SAML metadata XML>
contains any quotations ("
), they must be escaped (\"
).Example with metadata URL:
aws cognito-idp update-identity-provider --user-pool-id
<user_pool_id>
--provider-name=SAML_provider_1 --provider-details MetadataURL=<metadata_url>
--attribute-mapping email=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -
AWS API: UpdateIdentityProvider
To get information about a specific IdP
-
AWS CLI:
aws cognito-idp describe-identity-provider
aws cognito-idp describe-identity-provider --user-pool-id
<user_pool_id>
--provider-name=SAML_provider_1 -
AWS API: DescribeIdentityProvider
To list information about all IdPs
-
AWS CLI:
aws cognito-idp list-identity-providers
Example:
aws cognito-idp list-identity-providers --user-pool-id
<user_pool_id>
--max-results 3 -
AWS API: ListIdentityProviders
To delete an IdP
-
AWS CLI:
aws cognito-idp delete-identity-provider
aws cognito-idp delete-identity-provider --user-pool-id
<user_pool_id>
--provider-name=SAML_provider_1 -
AWS API: DeleteIdentityProvider