AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-03-23 · Documentation low

File: cognito/latest/developerguide/cognito-user-pools-managing-saml-idp.md

Summary

Updated SAML IdP endpoint URLs to include '.auth' subdomain in domain names

Security assessment

Change only modifies domain structure in example URLs without any security context or vulnerability references

Diff

diff --git a/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp.md b/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp.md
index 673aedf99..765c13f5e 100644
--- a/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp.md
+++ b/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp.md
@@ -32 +32 @@ Before you create a SAML IdP, you must have the SAML metadata document that you
-  8. Choose **Add sign-out flow** if you want Amazon Cognito to send signed sign-out requests to your provider when a user logs out. You must configure your SAML 2.0 IdP to send sign-out responses to the `https://`mydomain.us-east-1.amazoncognito.com`/saml2/logout` endpoint that is created when you configure managed login. The `saml2/logout` endpoint uses POST binding.
+  8. Choose **Add sign-out flow** if you want Amazon Cognito to send signed sign-out requests to your provider when a user logs out. You must configure your SAML 2.0 IdP to send sign-out responses to the `https://`mydomain.auth.us-east-1.amazoncognito.com`/saml2/logout` endpoint that is created when you configure managed login. The `saml2/logout` endpoint uses POST binding.
@@ -155 +155 @@ Example: `aws cognito-idp list-identity-providers --user-pool-id `us-east-1_EXAM
-        https://mydomain.us-east-1.amazoncognito.com/saml2/idpresponse
+        https://mydomain.auth.us-east-1.amazoncognito.com/saml2/idpresponse