AWS res high security documentation change
Summary
Updated SAML response template to use HTTPS and minor wording changes.
Security assessment
Changed SAML Destination from HTTP to HTTPS to enforce secure transmission of authentication responses, preventing potential man-in-the-middle attacks. This addresses a concrete security vulnerability in the example configuration.
Diff
diff --git a/res/archive/release-minus-1/ug/configure-id-federation.md b/res/archive/release-minus-1/ug/configure-id-federation.md index 2e68ef8c5..2ba14a68d 100644 --- a//res/archive/release-minus-1/ug/configure-id-federation.md +++ b//res/archive/release-minus-1/ug/configure-id-federation.md @@ -11 +11 @@ Configure your identity providerConfigure RES to use your identity providerConfi -Research and Engineering Studio integrates with any SAML 2.0 identity provider to authenticate user access to the RES portal. These steps provide directions to integrate with your chosen SAML 2.0 identity provider. If you intend to use IAM Identity Center, please see [Setting up single sign-on (SSO) with IAM Identity Center](./sso-idc.html). +Research and Engineering Studio integrates with any SAML 2.0 identity provider to authenticate user access to the RES portal. These steps provide directions to integrate with your chosen SAML 2.0 identity provider. If you intend to use IAM Identity Center, see [Setting up single sign-on (SSO) with IAM Identity Center](./sso-idc.html). @@ -99 +99 @@ Provide the input in the following format. - Destination="http://user-pool-domain/saml2/idpresponse" + Destination="https://user-pool-domain/saml2/idpresponse"