AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2025-11-22 · Documentation low

File: singlesignon/latest/userguide/trustedidentitypropagation-identity-enhanced-iam-role-sessions.md

Summary

Fixed a URL formatting issue in the AssumeRole API reference link by adding an extra slash after the domain.

Security assessment

The change only corrects a URL syntax error (adding an extra '/') without modifying security-related content. No security implications exist as it doesn't alter authentication flows, permissions, or vulnerability disclosures.

Diff

diff --git a/singlesignon/latest/userguide/trustedidentitypropagation-identity-enhanced-iam-role-sessions.md b/singlesignon/latest/userguide/trustedidentitypropagation-identity-enhanced-iam-role-sessions.md
index 3ccf65c71..4a8637686 100644
--- a//singlesignon/latest/userguide/trustedidentitypropagation-identity-enhanced-iam-role-sessions.md
+++ b//singlesignon/latest/userguide/trustedidentitypropagation-identity-enhanced-iam-role-sessions.md
@@ -11 +11 @@ The [AWS Security Token Service](https://docs.aws.amazon.com/IAM/latest/UserGuid
-AWS applications obtain identity-enhanced role sessions by making requests to the AWS STS [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) API action and passing a context assertion with the user’s identifier (`userId`) in the `ProvidedContexts` parameter of the request to `AssumeRole`. The context assertion is obtained from the `idToken` claim received in response to a request to `SSO OIDC` to [`CreateTokenWithIAM`](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html). When an AWS application uses an identity-enhanced role session to access a resource, CloudTrail logs the `userId`, the initiating session, and the action taken. For more information, see Identity-enhanced IAM role session logging.
+AWS applications obtain identity-enhanced role sessions by making requests to the AWS STS [AssumeRole](https://docs.aws.amazon.com//STS/latest/APIReference/API_AssumeRole.html) API action and passing a context assertion with the user’s identifier (`userId`) in the `ProvidedContexts` parameter of the request to `AssumeRole`. The context assertion is obtained from the `idToken` claim received in response to a request to `SSO OIDC` to [`CreateTokenWithIAM`](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html). When an AWS application uses an identity-enhanced role session to access a resource, CloudTrail logs the `userId`, the initiating session, and the action taken. For more information, see Identity-enhanced IAM role session logging.