How to create own Google federated identity sign in page with Amazon Cognito?

I'm quite new to AWS in general and specifically Cognito, please forgive me if my description isn't completely clear.

I've managed to successfully create a Cognito 'user pool' and used the 'hosted UI' for signing in with my google account and added a user to the pool. However, the 'hosted UI' can't be customized how I would like, is there any way of using my own custom webpage (see attached image)?

Also can I change the url in 'Choose an account to continue to amazoncognito.com' (see attached image)?

Thanks for any help,

Tom

https://preview.redd.it/zejod7nazux61.png?width=1440&format=png&auto=webp&s=7a8ffa2950e85ccb258852c60685c87426c0e23f

https://preview.redd.it/6e8ftgk7zux61.png?width=471&format=png&auto=webp&s=f2965e05a8f926e81a34d67cbc21675fbb05a239

👍 8
👀 u/fincht96
📅 May 07 2021

Federated Identity without an azure subscription?

I'm migrating a .NET Core MVC v2 web app to .NET Core MVC v5 on Linux. Some of the identity pieces changed such that the docs allude to the requirement of an Azure subscription to store a secret. I'm on a budget and I'm not looking to buy that right now. In the future, sure. But not now.

The newer version of Identity is set up in the app, but I'd like to add the Google login provider. I'm not sure how to store the secrets (login id and values). Any tips?

👍 2
👀 u/goldendinnerplate
📅 Feb 21 2021

What is Federated Identity Management?

Federated identity management, also known as identity federation, is a relatively new concept that has the potential to change identity management forever. It could also revolutionize how businesses partner together.

In this article, we will cover what federated identity management is, how it works, how it compares to single sign-on, its benefits, disadvantages, and the potential applications.

Find out more.

https://selfkey.org/what-is-federated-identity-management/

#Crypto #Blockchain $BTC $ETH $KEY

https://preview.redd.it/ojz7qqebs9q61.png?width=1024&format=png&auto=webp&s=3e5a04b0fe4285462a195f83a7977b72895bbc9b

👍 5
👀 u/CharmingDrei
📅 Mar 31 2021

How can I identify SSO users from my Cognito Federated Identity pool in my REST API?

Despite extensive reading, I think I am misunderstanding how Cognito Federated Identity pools can be used in my SSO workflow.

Currently, my users sign in to my webapp via a Cognito User Pool. After signing in they interact with my REST API where I include their Cognito ID JWTs with each request, and verify their identities on the server using the public JWKs from the User Pool.

Now I am adding SSO via SAML using the following Federated Identity workflow:

  1. Users authenticate with an external SAML provider (I'm using WorkOS to manage the provider connections)
  2. The provider calls back to my API with a code, which is exchanged for the user's profile including their email address
  3. My API calls GetOpenIdTokenForDeveloperIdentity, which upserts an identity in my Federated Identity pool based on the user's email address, and returns an IdentityId and an Open ID token
  4. The IdentityId and token are passed to the client, where Amplify uses them to call Auth.federatedSignIn()
  5. The client exchanges the Open ID token for STS credentials, which include an access key id, secret access key, and session token.

This is where I'm stuck. The client is aware of the user's federated IdentityID, but unlike my User Pool users who have Cognito JWTs, my Federated Identity users only have STS credentials.

How can I include and verify the user's federated IdentityId in my REST API?

Should I be adding SAML providers to my User Pool instead?

Thank you kindly for any advice or guidance!

👍 2
👀 u/hexy
📅 Feb 21 2021

Netdocuments and Single Sign on (Federated Identity)

Netdocuments is reaching its end of support for Internet Explorer and I was wondering if anyone here has had any experience implementing single sign-on? More specifically, any "gotchas" that you may have run across.

EDIT: In case anyone ever comes across this in the future. I just tested this using Azure AD documentation (link below). It worked like a charm. A couple of items to note include:

  1. If you have Azure syncing with your onprem AD, you can simply select existing users and the sync will work.
  2. Yes, you really do enter in "Active Directory Federated Services" and not Azure AD or whatever else they have listed.
  3. Current login/password combinations will work until you actually go through the process of SSO. Only then will it "block" previous login/password combinations.
  4. I had difficulties getting "employeeid" to show up, because it's a small environment, I used the department as a unique identifier.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/netdocuments-tutorial

👍 5
👀 u/CrayonNumberEight
📅 Aug 16 2020

AWS Amplify - How do I allow federated identity users to only access data that belongs to them via GraphQL queries?

Hi folks, I've got a mobile app where users sign up/sign in with 'Sign In With Apple' in which a federated identity is created upon sign in. I need to store and fetch data that is only accessible by the user.

How can I make it so users can only access their own data when the app makes GraphQL queries? Which value can I extract from their federated identities that is reliable? Is there a better way to do this?

Thanks in advance, I've searched quite hard for this but I can't find a clear cut answer.

👍 7
👀 u/Richard121212
📅 Apr 25 2020

CISSP Domain 5 Review / Mindmap - Single Sign-on and Federated Identity Management

I've finished the second of two review / mind map videos for Domain 5. This video reviews Single Sign-on and Federated Identity Management: https://youtu.be/_U4QMIxVk8M

Here is the first video for Domain 5: https://youtu.be/BUcoABZzeQ4

I'm working on similar videos for the other domains. Hopefully, these help you in your studies, and it would be great to get your feedback on whether these are helpful.

👍 35
👀 u/RWitchest
📅 Apr 07 2020

Apple School Manager Federated Identity

We are looking at deploying federated identity for Apple School Manager, but we have hundreds of apple id's that we created before the advent of manager apple id's. In the documentation it says that any existing apple id's that use the same domain that you will be using for federated identity they will be renamed to a temporary name. Does anyone know what the temporary names look like, and what happens if you never go and rename these apple id's? At this point we would probably abandon most of them, with only a handful having apps assigned to them that we would keep.

👍 2
👀 u/sauced
📅 Aug 01 2019

Analysis of Common Federated Identity Protocols: OpenID Connect vs OAuth 2.0 vs SAML 2.0 blog.hackedu.io/analysis-…
👍 41
👀 u/jrkjared3
📅 Aug 30 2019

How to trigger a Post Authentication lambda for Federated Identities

I want to use Cognito Federated Identities with multiple Authentication Providers, and I want to manage my own consolidated user database (allowing a simple unique user id to use elsewhere in the application).

What would be the correct way to trigger a lambda to insert newly authenticated users into my application's user database?

If I was using User Pools only I could use the offered triggers (and map the sub to my application user id), but once I move things over to Federated Identities there are no triggers offered. People signing up by a User Pool Authentication Provider could be triggered by the User Pool, but what about other Authentication Providers, e.g. Facebook etc.?

Secondary question: Is there a best standard for mapping Authentication Providers signins to my application user id? I understand sub is an immutable unique id for User Pools, but the Identity ID given by Federated Identities can merge and thus change, I guess we would use an Authentication Provider specific id?

👍 8
👀 u/STheBarbarian
📅 Feb 06 2019

Challenges with Federated Identity in modern browsers textslashplain.com/2019/0…
👍 9
👀 u/ga-vu
📅 Jul 05 2019

Cloudformation custom resource on cognito userpool federated identity provider

Hi,

I'm working on creating a Cognito UserPool federated identity provider custom resource for cloudformation (yeah, Cognito gets quite a few mentions here recently ;-)) .

Creation is pretty straightforward: just call `create_identity_provider` from the cognito-idp client and you're done.

If you don't want to run updates, deletion is as easy as adding `delete_identity_provider` from cognito-idp.

The cloudy part for me is the Update/Delete scenario.

So when you run an update you need to call `update_identity_provider` from cognito-idp, and that's fine, but I somehow can't figure out how to cope with the CLEANUP phase, which sends a DELETE request to remove the old entry. I always end up with an identity provider that is first updated and later deleted.

Has anyone any ideas what would be the best approach to deal with it?

Edit: wording

👍 2
👀 u/mstromich
📅 Dec 11 2018

Cognito Federated Identities - where/how to store user profile data?

Having gotten Federated Identities (sort of) working, I am now wondering where to store users' profile information.

I can get the unauthenticated identityId from Cognito, then let the user log in with G+ and/or FB and so forth. Happy with that part. However, I am not sure what to do with the user information I retrieve from G+ and FB.

Say I want to have a list of user posts, each post being posted by a different identityId. I'll probably store that in some Dynamo DB against the identityId. All good.

However, what do I do with user profile information? Do I store the retrieved user information also for example in a table somewhere? And then look that info up per post to show for example the user that created a post? (including profile pic etc.)

I first tried to store user profile info through Cognito Sync - and that worked but I now realise that data stored through Sync is not available to any other user? (which makes sense)

Any help would be appreciated. Just feel a little lost. It also feels weird to re-store the data that is received from FB and Google. But I guess when you start linking accounts from different providers then you are forced to have a separate profile store of your own?

👍 11
👀 u/rashaza
📅 Jun 11 2017

AWS Cognito with User Pools Federated Identity (SAML)

Okay,

So I'm prototyping this out. I've built a (in-app, not hosted) UI system for logon within my app, and finally got it working. I'm actually pretty happy with how it's flowing so far. It handles users needing to set a password on first logon, handles SMS MFA, and error states. No "forced reset" yet, but that's only a matter of time.

So this is 100% working with users I create in the pool via the console UI. I can add a user, set an initial password, reset it in the APP, and progress to CONFIRMED and then log them into my app. Lovely.

The main reason for moving to Cognito here is to support one of our clients using SAML. So most users will be "local" users, and will migrate to use Cognito to manage their credentials (exactly as built above, this is working). This one client wants to use their SAML provider (AD) to validate their users, which seems exactly what Federated Identity providers in the User Pool are for.

I've been able to configure the Identity Provider, got that linked in, and Cognito is happy with it. It passes the checks. It's made a new "group" for users, and seems fine.

My question is, how do I set up a user using that federated identity? If I add a user via the console, I have to set a password and it seems to use the local Cognito details regardless.

I've been given a "test user" from the identity provider, but when I use that username, I just get "user does not exist" back from Cognito.

What am I missing as far as adding users? I assume I need the user to exist in Cognito first, but it doesn't seem that doing it via the console works. Or does a user get created automatically if a logon request is accepted by the federated identity?

👍 6
👀 u/VIDGuide
📅 Mar 05 2019

Federated Matrix Identity Server for self-hosted Matrix infrastructures with enhanced features. (Easy Docker setup) github.com/kamax-matrix/m…
👍 7
👀 u/lenjioereh
📅 Apr 25 2019

Can I create anonymous/guest users in Federated Identities?

I did not find this in the documentation.

My original idea was to use Federated Identities to create guest users and after that generate an STS token for them for API Gateway, storing records (settings) about those unauthenticated identities in DynamoDB; when a guest user signs up through the Cognito User Pool, "merge/transform" the guest account from Federated Identity into an account in the Cognito User Pool. Please correct me if I am wrong.

Update: I found that I can use `AdminCreateUser` for creating a user in the same User Pool, looks like this is what I need...

👍 2
👀 u/vitaly-zdanevich
📅 Jun 06 2019

Federated Identities Using [Login with Amazon] with Amazon Cognito and AWS Amplify medium.com/@dmennis/bfb7d…
👍 4
👀 u/kiarash-irandoust
📅 Nov 15 2018

Federated Identities Using [Login with Amazon] with Amazon Cognito and AWS Amplify medium.com/p/bfb7dfb7e185
👍 5
👀 u/Fewthp
📅 Nov 15 2018

Clarification of the term 'Federated Identity'

This is driving me bonkers!

I am trying to understand what the term 'federated identity' means. If someone were to ask you to explain what it was, what would you say?

I understand how users authenticate once their enterprise is in a federation with another - is this overall process 'federated identity', or is the definition less verbose than this?

👍 9
👀 u/slewid
📅 Mar 04 2017

Federated Identities Using [Login with Amazon] with Amazon Cognito and AWS Amplify medium.com/p/bfb7dfb7e185
👍 2
👀 u/Fewthp
📅 Jan 15 2019

Best approach to migrate an existing user base using only Federated Identities to Cognito?

Hi Redditers, this is my first post here! 🎉

On my current job, I am facing the challenge of migrating an entire existing user base to Cognito. We are moving from a Hybrid Phonegap application to a Native-ish React Native application, using the Amplify library, and taking advantage of token handling through the Authentication service.

The problem

I have read the Migrating users to Cognito User Pools article, but my problem is that in the old application we are only allowing users to sign in / sign up with Facebook or Google providers.

What do you guys suggest? I want the migration to happen progressively. I mean, when a user signs in via Facebook or Google and they exist in our old database, create the user in the new Cognito User Pool and continue using that user pool on subsequent logins.

👍 2
👀 u/kevinwolfcr
📅 Sep 13 2018

Issues with cognito & federated Identities using js

I'm just learning Cognito and trying to tie it in with Facebook using JavaScript. I can get the user logged into Facebook, but I'm having issues getting them inserted into the user pool I've created.

My code is at https://pastebin.com/Zy0pVrKV

My issues are as follows:

On line 12, when I console.log the AWS.config.credentials, I have expired:true (among other things). Is this relevant? When I try to call FB.login, I get an error saying I'm already logged in.

On line 26, when I console.log the results from getId(), both data & error are null and the status code is undefined.

Can someone tell me where I'm going wrong? I'm new to js so I'll take all the help I can get.

👍 7
👀 u/thescrambler1979
📅 Jun 16 2017

Enable federated authentication and configure Auth0 as an identity provider in Sitecore 9.0 blog.baslijten.com/enable…
👍 2
👀 u/NWContentTech
📅 Oct 23 2017

AzureAD Identity Protection adds support for federated identities! blogs.technet.microsoft.c…
👍 2
👀 u/blockcipher
📅 Jun 02 2016

Collective Punishment: SOPA and Protect-IP are Threats to NSTIC and Federated Identity blogs.gartner.com/ian-gla…
👍 3
👀 u/jameslosey
📅 Jan 11 2012
