AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-04-25 · Documentation low

File: singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md

Summary

Clarified identity context documentation and added link to trusted identity propagation guide

Security assessment

Enhanced explanation of identity context used for authorization decisions. Adds security documentation about trusted context assertions but doesn't address a specific vulnerability.

Diff

diff --git a/singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md b/singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md
index aef6b5c93..33a07112e 100644
--- a//singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md
+++ b//singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md
@@ -9 +9 @@ ContentsSee Also
-This structure contains AWS-specific parameter extensions and the identity context. Identity context is the metadata used to identify the requester, AWS service which access is requested, and the scope of access authorized to the requester.
+This structure contains AWS-specific parameter extensions and the [identity context](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html).
@@ -16 +16,3 @@ This structure contains AWS-specific parameter extensions and the identity conte
-The trusted context assertion is signed and encrypted by AWS STS.
+The trusted context assertion is signed and encrypted by AWS STS. It provides access to `sts:identity_context` claim in the `idToken` without JWT parsing
+
+Identity context comprises information that AWS services use to make authorization decisions when they receive requests.