Okta Classic Engine | Okta Integration Network | Answered
Dates on record: 2017-12-15T11:04:11.000Z, 2018-08-07T18:21:16.000Z, 2024-04-16T13:10:57.000Z
AWS Error: Specified provider doesn't exist
I've successfully tested OCC with AWS and a single AWS account. However, after following the setup instructions to reconfigure OCC to work with AWS across multiple accounts, any attempt to select a role on AWS results in this error:

Specified provider doesn't exist (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlManifestNotFoundException; Request ID: 4de41592-e186-11e7-baa5-17bd1328b919) (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken; Request ID: 4de3c7de-e186-11e7-af96-255bc4cc42a8). Please try again.

OCC is successfully fetching the roles from all accounts and I've configured my OCC account to be able to select different roles from different accounts. However, it doesn't matter which role I pick, I get the same error.

What isn't clear in the documentation is how the trust policy in each role should be configured in a multi-account scenario. It isn't clear if I should be using the ARN for the master account IDP or the ARN for the IDP in that specific account.

I've actually tested both ARNs and neither works.

I'm completely stuck as to what has gone wrong here.

  • New integrations should follow the setup instructions from the Sign On tab and on the View Setup Instructions section of the Amazon Web Services app in OAN. In the case that every step has been followed from the guide and you are still encountering this issue, then the issue may reside in the AWS configuration. Please check the AWS documentation regarding the trust policy.

    If you still require assistance from us, please feel free to open a support case with us and we will be able to assist you further.

    Thank you for choosing Okta!
  • ChadF.40308 (Customer)

    I too am having this issue after we purchased the license. Our trial account was working but then when I started rolling it out, I got the same message when trying to login to AWS.

    Specified provider doesn't exist (Service: AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlManifestNotFoundException; Request ID: 84972d44-9a6e-11e8-98e7-7350ac7496b6) (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken; Request ID: 84964209-9a6e-11e8-b0c6-49fa14afc055). Please try again.

    The user sees the list of roles on the screen, selects one and this error comes at the top of the page.
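The question asks whether each role's trust policy should name the master account's identity provider or the provider created in the role's own account, and the Okta reply points to the AWS trust policy documentation. The following Python check is an added example, not code from this thread, Okta or AWS. It applies the AWS rule that an IAM SAML provider is an account-scoped resource, so a role can only trust a provider that exists in the same account, and that a SAML trust statement should pin the `SAML:aud` condition to the AWS sign-in endpoint. The account IDs, provider names and role ARN are constructed placeholders, and `providers_by_account` stands in for what `aws iam list-saml-providers` would return in each account. The thread records no resolution; this check covers only the trust-policy configuration the question is about, so a policy that passes it can still fail for other reasons.

```python
"""Static check of an IAM role trust policy used for SAML federation.

Added example for this thread (not Okta's or AWS's code). All ARNs,
account IDs and provider names below are constructed placeholders.
"""

# The audience AWS expects in assertions sent to the SAML sign-in endpoint.
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def account_of(arn: str) -> str:
    """Return the account-ID field (5th colon-separated field) of an IAM ARN."""
    return arn.split(":")[4]


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_saml_trust_policy(role_arn: str, policy: dict, providers_by_account: dict) -> list:
    """Return a list of findings for a role's trust policy.

    An empty list means every Allow statement for sts:AssumeRoleWithSAML trusts
    a SAML provider that exists in the role's own account and pins SAML:aud to
    the AWS sign-in endpoint.
    """
    findings = []
    role_account = account_of(role_arn)
    saml_statements = 0
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithSAML" not in _as_list(st.get("Action")):
            continue
        saml_statements += 1
        principal = st.get("Principal", {})
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if not federated:
            findings.append("AssumeRoleWithSAML statement has no Principal.Federated entry")
        for provider_arn in federated:
            if ":saml-provider/" not in provider_arn:
                findings.append(f"{provider_arn} is not a SAML provider ARN")
            elif account_of(provider_arn) != role_account:
                # A SAML provider is account-scoped: a role in one account cannot
                # trust the "master" account's provider.
                findings.append(
                    f"{provider_arn} is in account {account_of(provider_arn)} but the role is in "
                    f"account {role_account}; a role can only trust a SAML provider in its own account"
                )
            elif provider_arn not in providers_by_account.get(role_account, []):
                findings.append(f"{provider_arn} does not exist among the SAML providers in account {role_account}")
        aud = st.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != AWS_SAML_AUDIENCE:
            findings.append(f"SAML:aud condition is {aud!r}, expected {AWS_SAML_AUDIENCE!r}")
    if saml_statements == 0:
        findings.append("no Allow statement grants sts:AssumeRoleWithSAML")
    return findings


# Constructed sample data (placeholder account IDs, not from the thread).
MASTER_ACCOUNT = "111111111111"
MEMBER_ACCOUNT = "222222222222"
PROVIDERS = {
    MASTER_ACCOUNT: [f"arn:aws:iam::{MASTER_ACCOUNT}:saml-provider/Okta"],
    MEMBER_ACCOUNT: [f"arn:aws:iam::{MEMBER_ACCOUNT}:saml-provider/Okta"],
}
MEMBER_ROLE_ARN = f"arn:aws:iam::{MEMBER_ACCOUNT}:role/OktaReadOnly"


def trust_policy(provider_arn: str) -> dict:
    """Build a minimal SAML trust policy that trusts the given provider ARN."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        }],
    }


# Trust policy in the member account that names the master account's provider.
WRONG_TRUST_POLICY = trust_policy(PROVIDERS[MASTER_ACCOUNT][0])
# Trust policy that names the provider created in the member account itself.
RIGHT_TRUST_POLICY = trust_policy(PROVIDERS[MEMBER_ACCOUNT][0])

if __name__ == "__main__":
    for label, pol in (("master-account provider", WRONG_TRUST_POLICY),
                       ("same-account provider", RIGHT_TRUST_POLICY)):
        print(label, "->", check_saml_trust_policy(MEMBER_ROLE_ARN, pol, PROVIDERS) or "OK")
```

The check reports the cross-account provider reference as a finding and passes the same-account policy; running it against a real account means feeding it the role's actual `AssumeRolePolicyDocument` from `aws iam get-role` and the provider ARNs from `aws iam list-saml-providers`.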
This question is closed.