Azure AD support for AWS China region


Hello,

I found this link from last year. Can you please confirm if this is still the case? https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/37337002-azuread-cannot-...

Also, in my testing, setting up Azure AD as IdP and AWS China as service provider mostly works.

SP sends a SAML Request for which Azure AD successfully sends a SAML Response with the correct roles.

<Attribute Name="https://www.amazonaws.cn/SAML/Attributes/Role">
  <AttributeValue>arn:aws-cn:iam::xxxxxxxx:saml-provider/AzureAD-xxxxxx-China,arn:aws-cn:iam::xxxxxxx:role/ADFS-xxxxxxx</AttributeValue>
</Attribute>

But I do get this error...

Error: Your request included an invalid SAML response. to logout, click here.
This error can occur when the SAML response from the identity provider does not include an attribute with the Name set to http://www.amazonaws.cn/SAML/Attributes/Role. The attribute must contain one or more AttributeValue elements, each containing a comma-separated pair of strings:

The ARN of a role that the user can be mapped to

The ARN of the SAML provider

Thanks,

ashok
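
Added example, not part of the original post and not AWS or Microsoft code: a Python check for the rules the error message lists, run over a constructed assertion. The expected attribute Name is a parameter because the response in the post uses `https://` while the error text quotes `http://`, and the page does not say which one the service accepts. The function, constant and sample names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The two Names that appear in the post: the one Azure AD sent and the one the
# error text quotes. They differ only in scheme (https vs http).
NAME_IN_RESPONSE = "https://www.amazonaws.cn/SAML/Attributes/Role"
NAME_IN_ERROR = "http://www.amazonaws.cn/SAML/Attributes/Role"
ARN_RE = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::[^:]*:(role|saml-provider)/.+$")

# Constructed sample assertion (account ID, provider and role names are made up).
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><AttributeStatement>
<Attribute Name="https://www.amazonaws.cn/SAML/Attributes/Role">
<AttributeValue>arn:aws-cn:iam::111122223333:saml-provider/ExampleIdP,arn:aws-cn:iam::111122223333:role/ExampleRole</AttributeValue>
</Attribute></AttributeStatement></Assertion>"""


def check_role_attribute(assertion_xml, expected_name, partition="aws-cn"):
    """Return a list of findings; an empty list means the attribute is well formed."""
    attrs = ET.fromstring(assertion_xml).findall(".//saml:Attribute", NS)
    matching = [a for a in attrs if a.get("Name") == expected_name]  # exact match
    if not matching:
        near = [a.get("Name") for a in attrs
                if (a.get("Name") or "").endswith("/SAML/Attributes/Role")]
        return [f"no attribute named {expected_name!r}; similar names: {near}"]
    values = [v.text or "" for a in matching
              for v in a.findall("saml:AttributeValue", NS)]
    findings = [] if values else ["Role attribute has no AttributeValue elements"]
    for value in values:
        parts = [p.strip() for p in value.split(",")]
        if len(parts) != 2:
            findings.append(f"expected 2 comma-separated ARNs, got {len(parts)}")
            continue
        kinds = []
        for part in parts:
            m = ARN_RE.match(part)
            if m is None:
                findings.append(f"not an IAM role or saml-provider ARN: {part!r}")
            elif m.group(1) != partition:
                findings.append(f"partition {m.group(1)!r} is not {partition!r}: {part!r}")
            else:
                kinds.append(m.group(2))
        if len(kinds) == 2 and sorted(kinds) != ["role", "saml-provider"]:
            findings.append(f"need one role ARN and one saml-provider ARN: {value!r}")
    return findings


if __name__ == "__main__":
    for name in (NAME_IN_RESPONSE, NAME_IN_ERROR):
        print(name, "->", check_role_attribute(SAMPLE, name) or "OK")
```

The check is structural only: it does not validate the response signature, audience or conditions.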

1 Reply

@ashokbellur hello! Were you able to solve this?

I have the same problem with AWS China, and not using automatic provisioning.