AWS singlesignon documentation change
Summary
Clarified identity context documentation and added link to trusted identity propagation guide
Security assessment
Enhanced explanation of identity context used for authorization decisions. Adds security documentation about trusted context assertions but doesn't address a specific vulnerability.
Diff
diff --git a/singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md b/singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md index aef6b5c93..33a07112e 100644 --- a//singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md +++ b//singlesignon/latest/OIDCAPIReference/API_AwsAdditionalDetails.md @@ -9 +9 @@ ContentsSee Also -This structure contains AWS-specific parameter extensions and the identity context. Identity context is the metadata used to identify the requester, AWS service which access is requested, and the scope of access authorized to the requester. +This structure contains AWS-specific parameter extensions and the [identity context](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html). @@ -16 +16,3 @@ This structure contains AWS-specific parameter extensions and the identity conte -The trusted context assertion is signed and encrypted by AWS STS. +The trusted context assertion is signed and encrypted by AWS STS. It provides access to `sts:identity_context` claim in the `idToken` without JWT parsing + +Identity context comprises information that AWS services use to make authorization decisions when they receive requests.