The SAML provider that you create with this operation can be used as a principal in a role's trust policy to establish a trust relationship between AWS and a SAML identity provider. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.
When you create the SAML provider, you upload an a SAML metadata document that you get from your IdP and that includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
|This operation requires Signature Version 4.|
For more information, see Giving Console Access Using SAML and Creating Temporary Security Credentials for SAML Federation in the Using Temporary Credentials guide.
- request (CreateSAMLProviderRequest)
- Container for the necessary parameters to execute the CreateSAMLProvider service method.
The request was rejected because it attempted to create a resource that already exists.
The request was rejected because it attempted to create resources beyond the current
AWS account limits. The error message describes the limit exceeded.