
zvbyy (zvbyy) asked a question.
Trying to setup SAML based Single Sign On for AWS. Getting 400 BAD REQUEST. Unable to get the SAML assertion xml or able to see any error logs in OKTA. I am stumped as to how to proceed.
Note: The 400 BAD REQUEST is happening only with AD synced users. Standalone users in OKTA are able to log into AWS App fine.

Hi Jay,
Thanks for posting your inquiry in Okta Community Portal.
By looking into the error, I would suggest you to confirm ACS URL/SSO URL etc. by checking the configuration document.
https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-Web-Service
In order to trouble shoot this further, please feel free to raise a case with Okta Support. Also, include a SAML trace which helps to captures details of SAML request and response.
You may acquire a SAML trace by following this document: https://developer.okta.com/docs/guides/saml-tracer/overview/