I have enabled AWS SSO and created one SAML application in it. When we log in using AWS SSO we are able to see the SAML application, but I am not able to change the logo of the application. Is there any way to change the icon/logo of a SAML application?
Any suggestion would be helpful for me.
Related
Can we use Google custom SAML App as idp with ITfoxtec.Identity.Saml2? I have created a Google SAML app but didn't know how to find ACR Url and Entity ID.
Is there any brief example to implement SSO in ASP.NET with Google SAML App?
It is possible to use Google as an IdP, if that is what you are trying to do?
I do not have an example.
Does anyone know if Cognito supports Okta native SSO?
I am trying to integrate with an AWS Cognito flow using Okta as an external IdP.
You can find more on the design on Okta SSO.
--
I am working on a solution that authenticates an embedded view in a mobile app without needing to show any prompt to the user if they are already logged in. A web-SSO flow will trigger an "iOS prompt" every time the embedded view is being accessed. This embedded view is from a third party that uses Cognito while the mobile app uses Okta.
Here's more info on the prompt - https://developer.okta.com/blog/2022/01/13/mobile-sso
Cognito works with Okta based on browser communication, regardless of what you choose: SAML or OIDC integration between Cognito and Okta.
So if you envision that you'll get this flow invoked through a browser, I don't see any difference between native or web-SSO.
But if you hope to use a token obtained from Okta through native-SSO to sign-into Cognito, I'd lean towards saying "no".
Maybe someone with real experience corrects me though.
We have a web application with Keycloak as identity broker and a Google SAML app as IdP for a Google managed workspace for a domain, say mycompany.com. Integration works fine except for a case described below.
If the user is logged in with only one non-SAML-app Google account, Google returns
403 Error: app_not_configured_for_user.
i.e. if I am logged in with my personal Gmail account and not with my mycompany.com account.
I have inspected the SAML AuthnRequest payload in SAML tracer, which has ForceAuthn="true", but it still does not show the account chooser page.
I went through a couple of Stack Overflow threads. A few provided a solution about using the account chooser URL and redirecting it to the auth page https://accounts.google.com/accountchooser?continue={theredirectURL}.
Looking to the community to help suggest a clean solution.
This error pretty much depends on which account is the primary one in the Google account chooser as it always takes that to complete the sign in process automatically.
There is no official way or setting from Google to do this; however, the most commonly used workaround is to add the following URL to the Start URL section of the SAML app settings for it to force the authentication whenever you click on it.
https://accounts.google.com/AccountChooser?continue=https://accounts.google.com/o/saml2/initsso?idpid=[REPLACE]s&spid=[REPLACE]&forceauthn=false
There are 2 parameters that you need to replace in that URL and you need to get them from the Google apps menu next to your profile picture, then hover over the SAML app that you want to change and right click on it, then copy the link address and that will show the idpid and spid values.
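As an added example (not part of the original answer): the Python below takes the link copied from the Google apps menu, checks that it really points at Google's SAML `initsso` endpoint, extracts `idpid` and `spid`, and builds the AccountChooser Start URL. The sample link, its ID values and the alphanumeric-ID check are assumptions; the nested URL is percent-encoded here, which the answer's template does not do.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Assumed shape of the copied link; the ID values are constructed samples.
SAMPLE_LINK = ("https://accounts.google.com/o/saml2/initsso"
               "?idpid=C0example1&spid=123456789012&forceauthn=false")

INITSSO_HOST = "accounts.google.com"
INITSSO_PATH = "/o/saml2/initsso"
CHOOSER = "https://accounts.google.com/AccountChooser"


def extract_ids(copied_link):
    """Return (idpid, spid) from the copied SAML app link, rejecting anything else."""
    parts = urlsplit(copied_link)
    # hostname ignores userinfo, so "accounts.google.com@other.host" is rejected.
    if (parts.scheme != "https" or parts.hostname != INITSSO_HOST
            or parts.path != INITSSO_PATH):
        raise ValueError("not a Google SAML initsso link")
    query = parse_qs(parts.query)
    ids = []
    for name in ("idpid", "spid"):
        values = query.get(name, [])
        # Assumption: both IDs are plain ASCII alphanumerics, given exactly once.
        if len(values) != 1 or not (values[0].isascii() and values[0].isalnum()):
            raise ValueError(f"missing or malformed {name}")
        ids.append(values[0])
    return tuple(ids)


def build_start_url(copied_link):
    """Build the AccountChooser Start URL described in the answer."""
    idpid, spid = extract_ids(copied_link)
    inner = f"https://{INITSSO_HOST}{INITSSO_PATH}?" + urlencode(
        {"idpid": idpid, "spid": spid, "forceauthn": "false"}
    )
    # Percent-encode the nested URL so its own '&' separators stay inside
    # 'continue' instead of being read as AccountChooser parameters.
    return CHOOSER + "?" + urlencode({"continue": inner})


if __name__ == "__main__":
    print(build_start_url(SAMPLE_LINK))
```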
We're trying to integrate Keycloak with a native app, but the login/registration OAuth2 flow with Keycloak presents the default login page, which doesn't fit our requirements about material design user screens.
I see that there are a few options to customise the login screen:
Customise the theme provided by keycloak or Deploy new theme to JBoss
Add a nodejs api-server to interact with mobile app and use keycloak.grantManager.obtainDirectly API but this uses grantType=password in keycloak-connect package - keycloak-connect
More information about obtainDirectly
The first option is a bit tedious, so we have implemented the second option, but that comes with the grantType=password flow, which is not recommended by OAuth.
I would like to know if there is any solution from Keycloak to use a custom login with Authorization Code.
I want to use the Yammer API in my app. For that I created a Yammer app from https://www.yammer.com/client_applications and then called the link
https://www.yammer.com/dialog/oauth?client_id=[:client_id]&redirect_uri=[:redirect_uri]&response_type=token
as described in the Yammer documentation.
The problem is that when I enter the mail address I am redirected to the SSO platform of the enterprise.
Is there a possibility to disable SSO only for this app?
Or is there any way to avoid redirection to the SSO platform?
Thanks in advance.
No, it is not possible to disable SSO at the app level. All user authentication requests must go through the SSO flow if SSO is enabled for the Yammer network.