AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-04-16 · Documentation low

File: cognito/latest/developerguide/saml-identity-provider.md

Summary

Removed Android and iOS SDK code examples for SAML assertion handling

Security assessment

The changes remove platform-specific code examples but do not address security vulnerabilities or introduce security-related content.

Diff

diff --git a/cognito/latest/developerguide/saml-identity-provider.md b/cognito/latest/developerguide/saml-identity-provider.md
index 7fc328b12..279ba65fd 100644
--- a//cognito/latest/developerguide/saml-identity-provider.md
+++ b//cognito/latest/developerguide/saml-identity-provider.md
@@ -5 +5 @@
-Configuring your identity pool for a SAML IdPConfiguring your SAML IdPCustomizing your user role with SAMLAuthenticating users with a SAML IdPAndroidiOS
+Configuring your identity pool for a SAML IdPConfiguring your SAML IdPCustomizing your user role with SAMLAuthenticating users with a SAML IdP
@@ -70,34 +69,0 @@ You can't repeat, or _replay_ , a SAML assertion in the `Logins` map of your ide
-## Android
-
-If you use the Android SDK, you can populate the logins map with the SAML assertion as follows.
-    
-    
-    Map logins = new HashMap();
-    logins.put("arn:aws:iam::aws account id:saml-provider/name", "base64 encoded assertion response");
-    // Now this should be set to CognitoCachingCredentialsProvider object.
-    CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(context, identity pool id, region);
-    credentialsProvider.setLogins(logins);
-    // If SAML assertion contains multiple roles, resolve the role by setting the custom role
-    credentialsProvider.setCustomRoleArn("arn:aws:iam::aws account id:role/customRoleName");
-    // This should trigger a call to the Amazon Cognito service to get the credentials.
-    credentialsProvider.getCredentials();
-    
-
-## iOS
-
-If you are using the iOS SDK, you can provide the SAML assertion in `AWSIdentityProviderManager` as follows.
-    
-    
-    - (AWSTask<NSDictionary<NSString*,NSString*> *> *) logins {
-        //this is hardcoded for simplicity, normally you would asynchronously go to your SAML provider 
-        //get the assertion and return the logins map using a AWSTaskCompletionSource
-        return [AWSTask taskWithResult:@{@"arn:aws:iam::aws account id:saml-provider/name":@"base64 encoded assertion response"}];
-    }
-     
-    // If SAML assertion contains multiple roles, resolve the role by setting the custom role.
-    // Implementing this is optional if there is only one role.
-    - (NSString *)customRoleArn {
-        return @"arn:aws:iam::accountId:role/customRoleName";
-    }
-    
-