Error when Logging Into AWS "AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken"
Overview

When testing the initial AWS setup, SAML authentication may fail with the following error:

Response signature invalid (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken; Request ID: <requestID>). Please try again.


Applies To
  • Amazon Account Federation (formerly Amazon Web Services)
  • AWS IAM Identity Center
  • Security Assertion Markup Language (SAML)
Cause
During the upload of the Identity Provider metadata from Okta to AWS, the metadata may not have been loaded correctly, so AWS cannot validate the signature on the SAML response Okta sends.
Solution
  1. From the Okta Admin Console, navigate to the AWS application in question and select the Sign On tab.
  2. Right-click the Identity Provider metadata link and save it to a local directory in .xml format (screenshot attached for the Amazon Identity application).
  3. Log in to the Amazon Web Services portal.
  4. On the Configure Provider screen, locate the SAML provider that was previously created.
  5. Click the provider and re-upload the metadata from the SAML setup document generated by the AWS application in Okta.
  6. Validate that users can now access AWS.
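The error above means AWS could not verify the SAML response signature against the certificate it holds for the provider. As an added check that is not part of the Okta article, this script compares the signing certificate fingerprint in the freshly downloaded Okta metadata with the metadata AWS currently stores; the entity ID, SSO URL and certificate bytes are constructed placeholders.

```python
"""Check whether the signing certificate in a freshly downloaded Okta IdP
metadata file matches the one AWS holds for the SAML provider. A mismatch is
what produces "Response signature invalid". Names and cert bytes are constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def metadata_template(entity_id: str, cert_b64: str) -> str:
    """Minimal IdP metadata shaped like an Okta export (constructed)."""
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="{entity_id}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert_b64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://example.okta.com/app/amazon_aws/exk_PLACEHOLDER/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def signing_cert_fingerprints(metadata_xml: str) -> list[str]:
    """SHA-256 fingerprints (over the DER bytes) of every signing certificate."""
    fps = []
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute = both uses
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fps.append(hashlib.sha256(der).hexdigest())
    return fps

def metadata_matches(okta_xml: str, aws_xml: str) -> bool:
    """True when AWS trusts at least one certificate Okta signs responses with."""
    okta = set(signing_cert_fingerprints(okta_xml))
    return bool(okta & set(signing_cert_fingerprints(aws_xml)))

# Constructed stand-ins for DER certificate bytes (not real certificates).
CURRENT_CERT = base64.b64encode(b"constructed current Okta signing cert").decode()
STALE_CERT = base64.b64encode(b"constructed cert from an old or broken upload").decode()
ENTITY = "http://www.okta.com/exk_PLACEHOLDER"
OKTA_XML = metadata_template(ENTITY, CURRENT_CERT)
AWS_STALE_XML = metadata_template(ENTITY, STALE_CERT)

if __name__ == "__main__":
    print("AWS trusts Okta's current signing cert:", metadata_matches(OKTA_XML, AWS_STALE_XML))
```

For an IAM SAML provider, the document AWS holds can be retrieved with `aws iam get-saml-provider` and fed to `metadata_matches` alongside the file saved in step 2.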
