
IdpInitiated not used in Cognito SAML Provider

Open gregor-mindflow opened this issue 4 months ago • 0 comments

Environment information

System:
  OS: macOS 15.5
  CPU: (8) arm64 Apple M3
  Memory: 188.30 MB / 16.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 22.15.1 - ~/.local/state/fnm_multishells/88524_1753350659259/bin/node
  Yarn: 1.22.22 - ~/.local/state/fnm_multishells/88524_1753350659259/bin/yarn
  npm: 10.9.2 - ~/.local/state/fnm_multishells/88524_1753350659259/bin/npm
  pnpm: 10.12.4 - ~/.local/state/fnm_multishells/88524_1753350659259/bin/pnpm
NPM Packages:
  @aws-amplify/auth-construct: 1.8.1
  @aws-amplify/backend: 1.16.1
  @aws-amplify/backend-ai: Not Found
  @aws-amplify/backend-auth: 1.7.1
  @aws-amplify/backend-cli: 1.8.0
  @aws-amplify/backend-data: 1.6.1
  @aws-amplify/backend-deployer: 2.1.3
  @aws-amplify/backend-function: 1.14.1
  @aws-amplify/backend-output-schemas: 1.7.0
  @aws-amplify/backend-output-storage: 1.3.1
  @aws-amplify/backend-secret: 1.4.0
  @aws-amplify/backend-storage: 1.4.1
  @aws-amplify/cli-core: 2.2.1
  @aws-amplify/client-config: 1.8.0
  @aws-amplify/data-construct: 1.16.3
  @aws-amplify/data-schema: 1.21.1
  @aws-amplify/deployed-backend-client: 1.8.0
  @aws-amplify/form-generator: 1.2.1
  @aws-amplify/model-generator: 1.2.0
  @aws-amplify/platform-core: 1.10.0
  @aws-amplify/plugin-types: 1.11.0
  @aws-amplify/sandbox: 2.1.2
  @aws-amplify/schema-generator: 1.4.0
  @aws-cdk/toolkit-lib: 1.1.1
  aws-amplify: 6.15.3
  aws-cdk-lib: 2.204.0
  typescript: 5.8.3
AWS environment variables:
  AWS_PROFILE_REGION = eu-central-1
  AWS_PAGER =
  AWS_PROFILE = sandbox-1
  AWS_DEFAULT_PROFILE = sandbox-1
  AWS_EB_PROFILE = sandbox-1
No CDK environment variables

Describe the bug

The param idpInitiated is not passed to the auth-construct for the external SAML provider.

https://github.com/aws-amplify/amplify-backend/blob/main/packages/auth-construct/src/construct.ts#L1027-L1047

You can see the param in the aws-cdk-lib/aws-cognito here

Reproduction steps

Define an auth as follows and check the CloudFormation template in cdk.out or directly in CloudFormation. You can also see it in Cognito directly.

import { defineAuth } from "@aws-amplify/backend"

export const auth = defineAuth({
  loginWith: {
    email: true,
    externalProviders: {
      saml: {
        name: "provider-name",
        idpInitiated: true,
        metadata: {
          metadataContent:
            "https://saml-url",
          metadataType: "URL",
        },
        attributeMapping: {
          email: "email",
          profilePicture: "picture",
          custom: {
            name: "name",
          },
        },
      },
      callbackUrls: ["http://localhost:5173"],
      logoutUrls: ["http://localhost:5173"],
    },
  },
})

gregor-mindflow, Jul 25 '25 14:07
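Added example (not part of the original issue and not amplify-backend code): a check for the reproduction step above that scans a synthesized CloudFormation template for SAML identity providers and reports whether IdP-initiated sign-in is set. It assumes aws-cdk-lib renders `idpInitiated` as `ProviderDetails.IDPInit`; the function name `samlIdpInitReport` and the sample template are constructed for illustration.

```typescript
type Json = { [key: string]: unknown };

interface SamlIdpReport {
  logicalId: string;
  providerName: string;
  idpInitiated: boolean;
}

// Return v if it is a plain object, otherwise an empty object.
function asObject(v: unknown): Json {
  return typeof v === "object" && v !== null && !Array.isArray(v) ? (v as Json) : {};
}

// List every SAML identity provider in a parsed template with its IDPInit state.
function samlIdpInitReport(template: unknown): SamlIdpReport[] {
  const resources = asObject(asObject(template)["Resources"]);
  const report: SamlIdpReport[] = [];
  for (const logicalId of Object.keys(resources)) {
    const resource = asObject(resources[logicalId]);
    if (resource["Type"] !== "AWS::Cognito::UserPoolIdentityProvider") continue;
    const props = asObject(resource["Properties"]);
    if (props["ProviderType"] !== "SAML") continue;
    // Assumption: the flag lands in ProviderDetails.IDPInit, as a boolean or
    // the string "true"; a missing key is treated as "not enabled".
    const raw = asObject(props["ProviderDetails"])["IDPInit"];
    const name = props["ProviderName"];
    report.push({
      logicalId,
      providerName: typeof name === "string" ? name : "(unresolved)",
      idpInitiated: raw === true || raw === "true",
    });
  }
  return report;
}

// Constructed sample: one SAML provider without the flag (the behaviour
// reported in the issue), one with it, and a non-SAML provider that is skipped.
const idp = "AWS::Cognito::UserPoolIdentityProvider";
const sampleTemplate = {
  Resources: {
    SamlIdpWithoutFlag: { Type: idp, Properties: { ProviderName: "provider-name", ProviderType: "SAML",
      ProviderDetails: { IDPSignout: false, MetadataURL: "https://saml-url" } } },
    SamlIdpWithFlag: { Type: idp, Properties: { ProviderName: "provider-name-2", ProviderType: "SAML",
      ProviderDetails: { IDPInit: true, MetadataURL: "https://saml-url" } } },
    GoogleIdp: { Type: idp, Properties: { ProviderName: "Google", ProviderType: "Google" } },
  },
};

for (const entry of samlIdpInitReport(sampleTemplate)) {
  console.log(`${entry.logicalId} (${entry.providerName}): IDPInit=${entry.idpInitiated}`);
}
```

To check a real build, pass the parsed JSON of a `*.template.json` file from cdk.out to `samlIdpInitReport`.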