Use Cases

Changing the AWS SAML connection to use WS-Trust STS

About this task

Change the AWS SP SAML connection to use the STS processor and map the attributes.

Steps

  1. On the Identity Provider tab, from the SP connections list, select your AWS connection.

  2. Click Connection Type and select the WS-Trust STS check box. Click Next.

  3. On the WS-Trust STS tab, click Configure WS-Trust STS and enter https://signin.aws.amazon.com/saml in the Partner Service Identifier field. Click Add and then click Next.

  4. On the Token Creation screen, click Configure Token Creation.

  5. Enter https://aws.amazon.com/SAML/Attributes/Role in the Extend the Contract field. Click Add.

  6. Enter https://aws.amazon.com/SAML/Attributes/RoleSessionName in the Extend the Contract field and click Add. Click Next.

  7. On the IdP Token Processor Mapping tab, click Map New Token Processor Instance and specify the token processor. Click Next.

  8. Map the Attribute Contract Fulfillment section. See steps 13 - 15 in Creating a new SP connection in PingFederate.

  9. Click Next and Save on the Summary tab.