AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2026-04-19 · Documentation low

File: IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.md

Summary

Fixed typos: removed duplicate 'the' and removed stray double quote in SAML attribute URL

Security assessment

These are minor typographical corrections. The removal of a stray double quote in the SessionDuration attribute URL could prevent configuration errors, but there's no evidence this addresses an active security vulnerability or weakness.

Diff

diff --git a/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.md b/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.md
index 6c97bc415..a69efc9be 100644
--- a//IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.md
+++ b//IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.md
@@ -17 +17 @@ When the IdP sends the response containing the claims to AWS, many of the incomi
-The response must include exactly one `SubjectConfirmation` element with a `SubjectConfirmationData` element that includes both the `NotOnOrAfter` attribute and a `Recipient` attribute. The Recipient attribute must include a value that matches the AWS sign-in endpoint URL. Your IdP may use the the term `ACS`, `Recipient`, or `Target` to refer to this attribute.
+The response must include exactly one `SubjectConfirmation` element with a `SubjectConfirmationData` element that includes both the `NotOnOrAfter` attribute and a `Recipient` attribute. The Recipient attribute must include a value that matches the AWS sign-in endpoint URL. Your IdP may use the term `ACS`, `Recipient`, or `Target` to refer to this attribute.
@@ -116 +116 @@ The value of the `Name` attribute in the `Attribute` tag is case-sensitive. It m
-(Optional) You can use an `Attribute` element with the `Name` attribute set to `https://aws.amazon.com/SAML/Attributes/SessionDuration"`. This element contains one `AttributeValue` element that specifies how long the user can access the AWS Management Console before having to request new temporary credentials. The value is an integer representing the number of seconds for the session. The value can range from 900 seconds (15 minutes) to 43200 seconds (12 hours). If this attribute is not present, then the credential last for one hour (the default value of the `DurationSeconds` parameter of the `AssumeRoleWithSAML` API).
+(Optional) You can use an `Attribute` element with the `Name` attribute set to `https://aws.amazon.com/SAML/Attributes/SessionDuration`. This element contains one `AttributeValue` element that specifies how long the user can access the AWS Management Console before having to request new temporary credentials. The value is an integer representing the number of seconds for the session. The value can range from 900 seconds (15 minutes) to 43200 seconds (12 hours). If this attribute is not present, then the credential last for one hour (the default value of the `DurationSeconds` parameter of the `AssumeRoleWithSAML` API).