
xm7rs (xm7rs) asked a question.
Can anyone confirm this works in GovCloud and provide any deviations from the instructions below?
https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-AppStream-2-0.html
I've followed the instructions, and accounted for AWS GovCloud specific differences, but the integration only seems to attempt to sign on through the AWS commercial SAML endpoint and results in a 400 error at https://signin.aws.amazon.com/saml -- which shouldn't be where the sign-in should be happening. In working GovCloud AWS console integrations these URLs are being used.
AWS SSO ACS URL
https://us-gov-west-1.signin-fips.amazonaws-us-gov.com/platform/saml/acs/...
AWS SSO issuer URL
https://us-gov-west-1.signin-fips.amazonaws-us-gov.com/platform/saml/...

Hi @xm7rs (xm7rs), thank you for reaching out to the Okta Community!
The applications listed in the catalogue are typically submitted by the Service Provider via the submission process, so they should be able to give you more details about the app capabilities beyond what is documented on our side.
That being said, I took a look on the back-end and can confirm that it is hardcoded to use https://signin.aws.amazon.com/saml and it does not offer any way of configuring a different one or setting up a gov instance.
I recommend reaching out to Amazon to discuss the matter to perhaps have them update/enhance the app version for additional configuration and then publish the new version to the Okta Integration Network.
In the meantime, you could try the generic SAML app setup using the Application Integration Wizard, to see if that works with the gov endpoints.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
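
To check which endpoint an app integration is actually addressing, as discussed in the thread above, the base64 `SAMLResponse` form field captured from the browser can be decoded and its `Destination` and `Recipient` compared with the expected partition. This is an added example, not part of the original thread and not Okta or AWS code; the sample response is constructed and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
COMMERCIAL_HOST = "signin.aws.amazon.com"   # host of the endpoint named in the thread
GOVCLOUD_SUFFIX = "amazonaws-us-gov.com"    # domain of the GovCloud URLs in the thread

def partition_of(url):
    """Classify an endpoint URL by host: 'commercial', 'govcloud' or 'other'."""
    host = (urlsplit(url).hostname or "").lower()
    if host == COMMERCIAL_HOST:
        return "commercial"
    # Match the domain itself or a true subdomain, not a look-alike suffix.
    if host == GOVCLOUD_SUFFIX or host.endswith("." + GOVCLOUD_SUFFIX):
        return "govcloud"
    return "other"

def inspect_saml_response(b64_response):
    """Decode an HTTP-POST binding SAMLResponse and return where it is addressed.
    Diagnostic only: no signature validation; use on your own captures."""
    root = ET.fromstring(base64.b64decode(b64_response))
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)
                  if e.get("Recipient")]
    audiences = [e.text.strip() for e in root.iterfind(".//saml:Audience", NS) if e.text]
    return {"destination": root.get("Destination"),
            "recipients": recipients, "audiences": audiences}

def wrong_partition(info, expected="govcloud"):
    """Return (field, url) pairs that point outside the expected partition."""
    urls = [("Destination", info["destination"])]
    urls += [("Recipient", r) for r in info["recipients"]]
    return [(f, u) for f, u in urls if u and partition_of(u) != expected]

# Constructed sample: a minimal response addressed to the commercial endpoint.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="https://signin.aws.amazon.com/saml"><saml:Assertion><saml:Subject>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
    Recipient="https://signin.aws.amazon.com/saml"/></saml:SubjectConfirmation>
  </saml:Subject><saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>urn:example:constructed-audience</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

if __name__ == "__main__":
    info = inspect_saml_response(SAMPLE_B64)
    for field, url in wrong_partition(info):
        print(f"{field} targets {partition_of(url)} endpoint: {url}")
```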