AWS cognito documentation change
Summary
Removed Android and iOS SDK code examples for SAML assertion handling
Security assessment
The changes remove platform-specific code examples but do not address security vulnerabilities or introduce security-related content.
Diff
diff --git a/cognito/latest/developerguide/saml-identity-provider.md b/cognito/latest/developerguide/saml-identity-provider.md index 7fc328b12..279ba65fd 100644 --- a//cognito/latest/developerguide/saml-identity-provider.md +++ b//cognito/latest/developerguide/saml-identity-provider.md @@ -5 +5 @@ -Configuring your identity pool for a SAML IdPConfiguring your SAML IdPCustomizing your user role with SAMLAuthenticating users with a SAML IdPAndroidiOS +Configuring your identity pool for a SAML IdPConfiguring your SAML IdPCustomizing your user role with SAMLAuthenticating users with a SAML IdP @@ -70,34 +69,0 @@ You can't repeat, or _replay_ , a SAML assertion in the `Logins` map of your ide -## Android - -If you use the Android SDK, you can populate the logins map with the SAML assertion as follows. - - - Map logins = new HashMap(); - logins.put("arn:aws:iam::aws account id:saml-provider/name", "base64 encoded assertion response"); - // Now this should be set to CognitoCachingCredentialsProvider object. - CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(context, identity pool id, region); - credentialsProvider.setLogins(logins); - // If SAML assertion contains multiple roles, resolve the role by setting the custom role - credentialsProvider.setCustomRoleArn("arn:aws:iam::aws account id:role/customRoleName"); - // This should trigger a call to the Amazon Cognito service to get the credentials. - credentialsProvider.getCredentials(); - - -## iOS - -If you are using the iOS SDK, you can provide the SAML assertion in `AWSIdentityProviderManager` as follows. - - - - (AWSTask<NSDictionary<NSString*,NSString*> *> *) logins { - //this is hardcoded for simplicity, normally you would asynchronously go to your SAML provider - //get the assertion and return the logins map using a AWSTaskCompletionSource - return [AWSTask taskWithResult:@{@"arn:aws:iam::aws account id:saml-provider/name":@"base64 encoded assertion response"}]; - } - - // If SAML assertion contains multiple roles, resolve the role by setting the custom role. - // Implementing this is optional if there is only one role. - - (NSString *)customRoleArn { - return @"arn:aws:iam::accountId:role/customRoleName"; - } - -