samlgoogle-workspaceopensearch
AWS OpenSearch Goggle Workspace SAML authentications
I have configured a custom SAML app in Google Workspace and configured AWS Opensearch to use SP-initiated SSO.
I am able to access OpenSearch via the URL but I get the following error
Missing Role No roles available for this user, please contact your system administrator.
I guess there are some SAML attribute mapping and group set up that are required. I've created an opensearch group in Google for users that I wish to have access.
I think the following AWS Opensearch parameters require a value
SAML master backend role Subject key Roles key
Solution
This was resolved using and IdP initiated authentication flow instead. The links posted in answers above helped us implement this.
- Logging into SAML/Shibboleth authenticated server using python
- SimpleSAML\Error\Exception: Could not find the metadata of an IdP with entity ID
- Security concerns with providing SAML metadata on public URL
- How to get a SAML token from ADFS sever to pull data from dynamics CRM on-premises (non-sdk) in c#?
- How to add ForceAuthn flag on AWS cognito
- Python Requests - SAML Login Redirect
- How to get SAML token using C#/ASP.NET
- Simple way to put AWS Lambda app behind SAML authentication
- Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
- How to solve the xmlsec Error: (100, 'lxml & xmlsec libxml2 library version mismatch')
- Mendix and Azure Ad B2C AuthRequest does not have assertion consumer service URL
- Authenticate requests session with login.microsoftonline.com
- Python SSO: pysaml2 and python3-saml
- How to create public and private key with OpenSSL?
- How to change NameID in SimpleSAMLphp
- Add SHA1 to signxml python
- What causes a Responder status in a SAML response
- How to validate a SAML token from ADFS 3.0 in an ASP.NET Core Web API
- Moodle intergration with ADFS--Plugin SAML2 Single sign on
- Python Django ModelViewSet implementation with SAML ACS
- openconnect with gp does not prompt for SAML authentication in command line
- Integrate SAML in Laravel using existing Idp and SP
- Keycloak as a Service Provider - setting up a signing certificate
- Keycloak: Unique SAML endpoint per SAML Client in the same Realm
- Implement single signon (SSO) using SAML in java and AzureAD as IDP
- SSO/SAML trace on Android/iOS
- Firebase , Active Directory - Will AD users get created in Firebase as well?
- SOAP Header Invalid Signature on Timestamp
- Error authenticating to SonarQube using SAML Okta
- Why signature need in SAML request for ADFS?