SAML Configuration for multiple AWS Identifiers

Question

SAML Configuration for multiple AWS Identifiers

niven01 opened this issue 2 months ago · comments

The step here https://learn.microsoft.com/en-us/entra/identity/saas-apps/amazon-web-service-tutorial#configure-microsoft-entra-sso
Is no longer valid. I cannot have more than one identifier that contains signin.aws.amazon.com/saml as when I try to save I see the error

Unable to save single sign-on configuration.

The part of the IdentifierURI after the # is not being recognised and therefore not seen as unique. It only looks at signin.aws.amazon.com/saml

This has broken our automated onboarding

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

ID: 8fa5814d-91e2-2f75-77e7-62a8597f340c
Version Independent ID: 458e93d7-a180-4c2f-5077-9b9d124d726a
Content: Tutorial: Microsoft Entra SSO integration with AWS Single-Account Access - Microsoft Entra ID
Content Source: docs/identity/saas-apps/amazon-web-service-tutorial.md
Service: entra-id
Sub-service: saas-apps
GitHub Login: @jeevansd
Microsoft Alias: jeedes

TBalaji-MSFT · Answer 1 · Thu Jun 06 2024 00:01:12 GMT+0800 (China Standard Time)

@niven01
Thanks for your feedback! We will investigate and update as appropriate.

Jeevan Desarda · Answer 2 · Thu Jun 06 2024 00:35:46 GMT+0800 (China Standard Time)

@niven01 Can you please tell us which API you are using here for your automation? When I am trying this through the portal then it is working and I can save the URI with # in it. Have you tried using the portal? I understand that you are doing this through automation and I am checking on that.

Nielsen Pierce · Answer 3 · Thu Jun 06 2024 03:18:41 GMT+0800 (China Standard Time)

Thanks @jeevansd

I'm using the Graph API and specifically from this example:https://learn.microsoft.com/en-us/graph/application-saml-sso-configure-api?tabs=http%2Cpowershell-script#step-32-set-basic-saml-urls-for-the-application

However, this is happening in the portal for me and my colleague too.

Can you try creating two in the portal please:

https://signin.aws.amazon.com/saml#1
https://signin.aws.amazon.com/saml#2

The first will create fine as long as you have no other apps with signin.aws.amazon.com/saml in the URI, the second one will fail.

Celeste de Guzman · Answer 4 · Fri Jun 21 2024 01:42:48 GMT+0800 (China Standard Time)

@jeevansd - Following up on this. If this is still an active issue, please migrate this feedback to ADO for tracking. We're changing feedback mechanism from GH issues to UUF and ADO tracking and I'll be disabling issues altogether.

HAMSIKA GAMPALA · Answer 5 · Tue Jun 25 2024 19:39:10 GMT+0800 (China Standard Time)

we're working on updating the document as per the issue.
#please-close