Enterprise Application AWS IAM Identity Centre
- Oct 21, 2024
IanaMac Hello, to test SAML attestations, you can use debugging tools to understand what Azure AD is sending during the Single Sign-On (SSO) process. Go to the Single Sign-On section of the AWS IAM Identity Center application in Azure AD and click “Test” to generate a SAML request. At this point, check the attributes in the response, paying attention to the NameID and making sure that the “user.mail” attribute is sent correctly for guest users. This will help you figure out if the problem is coming from Azure AD or AWS IAM Identity Center.
Many thanks for the response, however how do I run the test as a guest user who won't have access to Azure -> Enterprise apps?
- micheleariis, Oct 22, 2024, MCT
IanaMac Hi, a user with full access and appropriate permissions can simulate the SAML response as if it were a guest user, using the test or impersonation feature. In this way, you can analyze the response sent for guest users without the need for direct access.
- IanaMac, Oct 23, 2024, Brass Contributor
Micheleariis MANY thanks, sorted. I ended up using Edge Developer and SAML response decoder to find the issue.
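The kind of check the thread describes (decode the SAMLResponse captured in the browser's developer tools, then look at the NameID and the mail attribute) can be done offline. This is an added example, not code from any poster in the thread; the sample response, its guest-style NameID and the helper names are constructed for illustration, and the script only inspects the response without validating its signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread): minimal unsigned response for a guest account.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">guest_example.org#EXT#@contoso.onmicrosoft.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
    <saml:AttributeValue>guest@example.org</saml:AttributeValue>
   </saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def decode_saml_response(b64_value):
    """Decode an HTTP-POST binding SAMLResponse form value and pull out the identity fields."""
    # Inspection only: no signature or condition checks. Use on your own captured traffic.
    root = ET.fromstring(base64.b64decode(unquote(b64_value.strip())))
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
    return {
        "name_id": None if name_id is None else (name_id.text or "").strip(),
        "name_id_format": None if name_id is None else name_id.get("Format"),
        "attributes": attrs,
    }


def name_id_matches(decoded, expected):
    """True when the NameID equals the identifier the service provider expects."""
    return (decoded["name_id"] or "").lower() == expected.lower()


if __name__ == "__main__":
    info = decode_saml_response(SAMPLE_B64)
    print("NameID:", info["name_id"], "| Format:", info["name_id_format"])
    print("Attributes:", info["attributes"])
    print("NameID matches mail:", name_id_matches(info, "guest@example.org"))
```

In the constructed sample the NameID carries the guest-style user principal name while the mail claim carries the external address, so the comparison returns False; a mismatch of that shape points at the identity provider's claim mapping rather than the service provider.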