AWS res documentation change
Summary
Minor wording change and corrected SAML response destination URL from HTTP to HTTPS in example configuration
Security assessment
Changing the example SAML response destination from HTTP to HTTPS promotes secure configuration by ensuring encrypted communication for SAML responses. This is a security best practice improvement in documentation, though not tied to a specific disclosed vulnerability.
Diff
diff --git a/res/latest/ug/configure-id-federation.md b/res/latest/ug/configure-id-federation.md index edd9138aa..58b661d4a 100644 --- a//res/latest/ug/configure-id-federation.md +++ b//res/latest/ug/configure-id-federation.md @@ -9 +9 @@ Configure your identity providerConfigure RES to use your identity providerConfi -Research and Engineering Studio integrates with any SAML 2.0 identity provider to authenticate user access to the RES portal. These steps provide directions to integrate with your chosen SAML 2.0 identity provider. If you intend to use IAM Identity Center, please see [Setting up single sign-on (SSO) with IAM Identity Center](./sso-idc.html). +Research and Engineering Studio integrates with any SAML 2.0 identity provider to authenticate user access to the RES portal. These steps provide directions to integrate with your chosen SAML 2.0 identity provider. If you intend to use IAM Identity Center, see [Setting up single sign-on (SSO) with IAM Identity Center](./sso-idc.html). @@ -97 +97 @@ Provide the input in the following format. - Destination="http://user-pool-domain/saml2/idpresponse" + Destination="https://user-pool-domain/saml2/idpresponse"