Amazon business SSO
Describe your question/ I'm trying to get authentik working as an amazon business identity provider, but I always get an error stating that assertions could not be parsed
Relevant infos Amazon setup guide: https://www.amazon.de/ab/sso/setup-guide
Screenshots

- UniqueID: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- E-mail: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Full Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Logs

Version and Deployment (please complete the following information):
- authentik version: 2022.2.1
- Deployment: docker-compose
I haven't tested this yet, but make sure to not enable encryption as authentik doesn't currently support encrypted SAML Assertions.
Ah, that's good to know, not sure if it is possible to disable it on Amazon's side, though.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I'd still love to see this being resolved, not sure how I can help, though.
So I got this to work, the important steps are:
- Don't enable encrypted assertions on Amazon's side
- The SAML Signing certificate (which is required) needs to have a Subject-alternate-name set, which the default authentik certificate did not, so I generated a new one (any domain seems to work, having a SAN of `goauthentik.io` when testing on `localhost` works)
- Enable the default mappings in authentik
- Create the provider with a Post binding
- Configure the mappings on amazon's side like this

@dorianim If you were able to set up amazon business with authentik, feel free to submit a PR to add it to the integrations page (https://docs.goauthentik.io/developer-docs/docs/templates/#add-a-new-integration)
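
Added example, not from the thread or the authentik project: one way to generate a self-signed SAML signing certificate that carries a Subject Alternative Name, and to check whether an existing certificate has one, as the working setup above requires. It assumes OpenSSL 1.1.1 or newer (for `-addext`); the function names, file names, CN, key size and validity period are illustrative choices.

```shell
#!/bin/sh
# Added example. Assumptions: OpenSSL >= 1.1.1, RSA-2048, 365-day validity,
# illustrative CN and file names (none of these come from the thread).

# usage: make_signing_cert <out-prefix> [san-dns-name]
# Writes <out-prefix>.key and <out-prefix>.crt. Without a SAN argument the
# certificate is created with no SAN extension (the failing case in the thread).
# The body runs in a subshell so the umask and variables stay local.
make_signing_cert() (
  umask 077   # keep the private key readable by the owner only
  prefix=$1
  san=${2:-}
  set -- req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -keyout "$prefix.key" -out "$prefix.crt" \
    -subj "/CN=authentik-saml-signing"
  if [ -n "$san" ]; then
    set -- "$@" -addext "subjectAltName=DNS:$san"
  fi
  openssl "$@" 2>/dev/null
)

# usage: has_san <cert.pem>
# Exit status 0 only if the certificate has a Subject Alternative Name extension.
has_san() {
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | grep -q "X509v3 Subject Alternative Name"
}

# Demo in a throwaway directory, using the SAN value mentioned in the thread.
demo_dir=$(mktemp -d)
if make_signing_cert "$demo_dir/saml" goauthentik.io && has_san "$demo_dir/saml.crt"; then
  echo "SAN present in $demo_dir/saml.crt"
else
  echo "certificate has no SAN (or openssl is unavailable)"
fi
```

Run `has_san` against the certificate currently selected as the provider's signing certificate before replacing it; a non-zero exit status means it lacks the extension.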