Commit
feat(cognito): support provider details for `UserPoolIdentityProviderSaml` (#29588)

### Issue # (if applicable)

Closes #29494.
Closes #29598.

#29598 is a closely related issue, and I tried to resolve it in this PR.
If it is not good to resolve multiple issues in one PR, I will split this PR.

### Reason for this change

[`UserPoolIdentityProviderSaml` can configure `ProviderDetails`](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#aws-resource-cognito-userpoolidentityprovider-properties), but there are some items that are not configurable from the AWS CDK.
- `EncryptedResponses`
- `RequestSigningAlgorithm`
- `IDPInit`

### Description of changes

Add 3 properties to `UserPoolIdentityProviderSamlProps`.
- `encryptedResponses`
- `requestSigningAlgorithm`
- `idpInitiated`

### Description of how you validated changes

Added both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
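The three `ProviderDetails` keys this PR exposes are the ones a reviewer of a synthesized stack wants to check. The following is an added example, not code from the PR or from aws-cdk: a small audit that walks a synthesized CloudFormation template (the same JSON shape as the integ snapshot in this commit) and reports, per SAML identity provider, whether `EncryptedResponses`, `RequestSigningAlgorithm` and `IDPInit` are set. The warning heuristics and the sample template are my own constructions.

```typescript
// Added example (not part of the PR): audit a synthesized CloudFormation
// template for the SAML ProviderDetails keys exposed by this change.
type Json = Record<string, unknown>;

interface SamlFinding {
  logicalId: string;
  providerName: string;
  encryptedResponses: boolean; // ProviderDetails.EncryptedResponses === true
  signedRequests: boolean;     // ProviderDetails.RequestSigningAlgorithm is set
  idpInitiated: boolean;       // ProviderDetails.IDPInit === true
  warnings: string[];
}

function auditSamlProviders(template: Json): SamlFinding[] {
  const resources = (template.Resources ?? {}) as Record<string, Json>;
  const findings: SamlFinding[] = [];
  for (const [logicalId, res] of Object.entries(resources)) {
    if (res.Type !== 'AWS::Cognito::UserPoolIdentityProvider') continue;
    const props = (res.Properties ?? {}) as Json;
    if (props.ProviderType !== 'SAML') continue;
    const details = (props.ProviderDetails ?? {}) as Json;
    const f: SamlFinding = {
      logicalId,
      providerName: String(props.ProviderName ?? ''),
      encryptedResponses: details.EncryptedResponses === true,
      signedRequests: typeof details.RequestSigningAlgorithm === 'string',
      idpInitiated: details.IDPInit === true,
      warnings: [],
    };
    // Heuristics (my own): flag providers that accept plaintext assertions,
    // SP-initiated providers that do not sign their requests, and any
    // provider that accepts IdP-initiated logins.
    if (!f.encryptedResponses) f.warnings.push('unencrypted assertions accepted');
    if (!f.signedRequests && !f.idpInitiated) f.warnings.push('AuthnRequests not signed');
    if (f.idpInitiated) f.warnings.push('IdP-initiated SSO enabled');
    findings.push(f);
  }
  return findings;
}

// Constructed sample modelled on the integ snapshot in this commit.
const sampleTemplate: Json = {
  Resources: {
    samlProvider6C4CC492: { Type: 'AWS::Cognito::UserPoolIdentityProvider', Properties: {
      ProviderName: 'provider', ProviderType: 'SAML',
      ProviderDetails: { IDPSignout: false, MetadataURL: 'https://example.com/metadata.xml',
        EncryptedResponses: true, RequestSigningAlgorithm: 'rsa-sha256' } } },
    samlProviderIdpInitiatedA5C8CB58: { Type: 'AWS::Cognito::UserPoolIdentityProvider', Properties: {
      ProviderName: 'IdPInitiatedProvider', ProviderType: 'SAML',
      ProviderDetails: { IDPSignout: false, MetadataURL: 'https://example.com/metadata.xml', IDPInit: true } } },
    pool056F3F7E: { Type: 'AWS::Cognito::UserPool', Properties: {} },
  },
};
```

Running `auditSamlProviders(sampleTemplate)` returns one finding per SAML provider; the first carries no warnings, the IdP-initiated one is flagged for unencrypted assertions and for IdP-initiated SSO.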
badmintoncryer authored Apr 17, 2024
1 parent 48731ad commit 375f1a6
Showing 11 changed files with 472 additions and 62 deletions.

Expand Up @@ -34,9 +34,6 @@
"poolclient2623294C": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"UserPoolId": {
"Ref": "pool056F3F7E"
},
"AllowedOAuthFlows": [
"implicit",
"code"
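Review bot: the `UserPoolId` block removed from the top of `poolclient2623294C` is not a functional change on its own; the same `{ "Ref": "pool056F3F7E" }` block reappears at the end of the same resource's properties in the next hunk, so this is only a key-ordering change in the synthesized snapshot and needs no action beyond confirming the `Ref` target is unchanged.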
Expand All @@ -54,10 +51,13 @@
],
"SupportedIdentityProviders": [
{
"Ref": "cdk52888317"
"Ref": "samlProvider6C4CC492"
},
"COGNITO"
]
],
"UserPoolId": {
"Ref": "pool056F3F7E"
}
}
},
"pooldomain430FA744": {
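Review bot: the `SupportedIdentityProviders` entry changes its `Ref` from `cdk52888317` to `samlProvider6C4CC492`, which means the provider construct id was renamed and its logical ID changed; on an already-deployed stack that replaces the identity provider rather than updating it. Harmless for an integ snapshot, but the PR description does not mention the rename, so a sentence noting it (and that the `"COGNITO"` entry is intentionally kept here) would help the next reader.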
Expand All @@ -69,17 +69,93 @@
}
}
},
"cdk52888317": {
"samlProvider6C4CC492": {
"Type": "AWS::Cognito::UserPoolIdentityProvider",
"Properties": {
"ProviderName": "cdk",
"ProviderDetails": {
"IDPSignout": false,
"MetadataURL": "https://fujifish.github.io/samling/public/metadata.xml",
"EncryptedResponses": true,
"RequestSigningAlgorithm": "rsa-sha256"
},
"ProviderName": "provider",
"ProviderType": "SAML",
"UserPoolId": {
"Ref": "pool056F3F7E"
}
}
},
"poolForIdpInitiatedSaml8B7CB492": {
"Type": "AWS::Cognito::UserPool",
"Properties": {
"AccountRecoverySetting": {
"RecoveryMechanisms": [
{
"Name": "verified_phone_number",
"Priority": 1
},
{
"Name": "verified_email",
"Priority": 2
}
]
},
"AdminCreateUserConfig": {
"AllowAdminCreateUserOnly": true
},
"EmailVerificationMessage": "The verification code to your new account is {####}",
"EmailVerificationSubject": "Verify your new account",
"SmsVerificationMessage": "The verification code to your new account is {####}",
"VerificationMessageTemplate": {
"DefaultEmailOption": "CONFIRM_WITH_CODE",
"EmailMessage": "The verification code to your new account is {####}",
"EmailSubject": "Verify your new account",
"SmsMessage": "The verification code to your new account is {####}"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"poolForIdpInitiatedSamlidpInitiatedClientACB7B7B4": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AllowedOAuthScopes": [
"profile",
"phone",
"email",
"openid",
"aws.cognito.signin.user.admin"
],
"CallbackURLs": [
"https://example.com"
],
"SupportedIdentityProviders": [
{
"Ref": "samlProviderIdpInitiatedA5C8CB58"
}
],
"UserPoolId": {
"Ref": "poolForIdpInitiatedSaml8B7CB492"
}
}
},
"samlProviderIdpInitiatedA5C8CB58": {
"Type": "AWS::Cognito::UserPoolIdentityProvider",
"Properties": {
"ProviderDetails": {
"IDPSignout": false,
"MetadataURL": "https://fujifish.github.io/samling/public/metadata.xml"
"MetadataURL": "https://fujifish.github.io/samling/public/metadata.xml",
"IDPInit": true
},
"ProviderName": "IdPInitiatedProvider",
"ProviderType": "SAML",
"UserPoolId": {
"Ref": "poolForIdpInitiatedSaml8B7CB492"
}
}
}
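Review bot: the new keys are exercised on separate providers in separate pools: `EncryptedResponses: true` and `RequestSigningAlgorithm: "rsa-sha256"` on `samlProvider6C4CC492`, and `IDPInit: true` on `samlProviderIdpInitiatedA5C8CB58`, so no snapshot shows the combinations. The split is reasonable, but a comment in the integ source stating that the IdP-initiated pool is intentionally isolated, and that its client `poolForIdpInitiatedSamlidpInitiatedClientACB7B7B4` deliberately omits `"COGNITO"` from `SupportedIdentityProviders` (unlike `poolclient2623294C`), would make the intent clear. Also note the first provider's `ProviderName` changed from `"cdk"` to `"provider"` alongside the logical-ID rename.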