Changing the AWS SAML connection to use WS-Trust STS
About this task
Change the AWS SP SAML connection to use the STS processor and map the attributes.
Steps
- On the Identity Provider tab, from the SP connections list, select your AWS connection.
- Click Connection Type and select the WS-Trust STS check box. Click Next.
- On the WS-Trust STS tab, click Configure WS-Trust STS and enter https://signin.aws.amazon.com/saml in the Partner Service Identifier field. Click Add and then click Next.
- On the Token Creation screen, click Configure Token Creation.
- Enter https://aws.amazon.com/SAML/Attributes/Role in the Extend the Contract field. Click Add.
- Enter https://aws.amazon.com/SAML/Attributes/RoleSessionName in the Extend the Contract field and click Add. Click Next.
- On the IdP Token Processor Mapping tab, click Map New Token Processor Instance and specify the token processor. Click Next.
- Map the Attribute Contract Fulfillment section. See steps 13 - 15 in Creating a new SP connection in PingFederate.
- Click Next and Save on the Summary tab.
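
After saving, it is worth confirming that a token issued by the STS carries the audience and the two extended-contract attributes configured above. The following check is an added example, not part of the PingFederate documentation; the function names and the sample assertion are constructed for illustration. It assumes AWS's documented value formats: each Role value pairs an IAM role ARN with a SAML provider ARN, and RoleSessionName is 2-64 characters.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "https://signin.aws.amazon.com/saml"  # Partner Service Identifier
ROLE = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
ARN = r"arn:aws[\w-]*:iam::\d{12}:"
ROLE_PAIR = re.compile(rf"^{ARN}(role|saml-provider)/\S+,{ARN}(role|saml-provider)/\S+$")
SESSION_NAME = re.compile(r"^[\w+=,.@-]{2,64}$")

def check_assertion(xml_text):
    """Return a list of problems; empty means both extended attributes are usable.
    Structural check only: the assertion signature is not validated here."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append("audience is not " + AUDIENCE)
    attrs = {a.get("Name"): [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    roles = attrs.get(ROLE, [])
    if not roles:
        problems.append("Role attribute missing or empty")
    for value in roles:
        m = ROLE_PAIR.match(value)
        # Each value must pair one role ARN with one SAML provider ARN (either order).
        if not m or set(m.groups()) != {"role", "saml-provider"}:
            problems.append("bad Role value: " + value)
    names = attrs.get(SESSION, [])
    if len(names) != 1 or not SESSION_NAME.match(names[0]):
        problems.append("RoleSessionName must be a single value of 2-64 allowed characters")
    return problems

def sample_assertion(role_value, session_name):
    """Constructed, unsigned assertion fragment for the demonstration below."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{ROLE}"><saml:AttributeValue>{role_value}</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{SESSION}"><saml:AttributeValue>{session_name}</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    acct = "arn:aws:iam::123456789012:"  # constructed account ID
    good = sample_assertion(acct + "role/ExampleRole," + acct + "saml-provider/ExampleIdP", "alice@example.com")
    print(check_assertion(good))
    print(check_assertion(sample_assertion(acct + "role/ExampleRole", "a")))
```

An empty list means the attribute contract fulfillment produced values in the expected shape; any entry names the mapping to revisit.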