AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-08-13 · Documentation low

File: singlesignon/latest/userguide/trusted-token-issuer-configuration-settings.md

Summary

Clarified formatting requirements for the discovery endpoint URL and emphasized that incorrect URLs will cause setup failures without validation.

Security assessment

The change clarifies configuration requirements but does not address a specific security vulnerability or introduce new security features. It highlights a potential misconfiguration risk, but this is a documentation improvement rather than a security fix.

Diff

diff --git a/singlesignon/latest/userguide/trusted-token-issuer-configuration-settings.md b/singlesignon/latest/userguide/trusted-token-issuer-configuration-settings.md
index 7066058b9..eb9f85164 100644
--- a//singlesignon/latest/userguide/trusted-token-issuer-configuration-settings.md
+++ b//singlesignon/latest/userguide/trusted-token-issuer-configuration-settings.md
@@ -28 +28 @@ When you add a trusted token issuer to the IAM Identity Center console, you must
-You must paste the URL of the discovery endpoint _up until and without_ `.well-known/openid-configuration`. If `.well-known/openid-configuration` is included in the URL, the trusted token issuer configuration won't work. Because IAM Identity Center doesn't validate this URL, if the URL isn't correctly formed, the trusted token issuer setup will fail without notification.
+You must paste the URL of the discovery endpoint _up until and without_ `.well-known/openid-configuration`. If `.well-known/openid-configuration` is included in the URL, the trusted token issuer configuration will not work. Because IAM Identity Center doesn't validate this URL, if the URL isn't correctly formed, the trusted token issuer setup will fail without notification.