AWS Cognito: support of SSO IdP-initiated workflow
I have my UI application which uses AWS Cognito for user authentication. We have successfully integrated the SAML identity provider in our Cognito UserPool.

Now I want to support SSO using AD FS.

Below is my URL which I can use for ADFS login.

https://adfs.DOMAIN.com/adfs/ls/IdpInitiatedSignOn.aspx

I have read this AWS Doc to configure for any aws management console.

But what steps should I follow to enable this for Cognito?

Any help?

Astounding answered 5/7, 2018 at 6:59 Comment(0)
From the Amazon Developer Forums: "Cognito User Pools do not currently support the IdP-initiated SAML flow."

If you are able to use Open-ID rather than SAML you will be able to overcome this issue. If SAML is a must, you may have to wait until support for the IdP-initiated SAML flow is provided.

Distefano answered 12/7, 2018 at 14:52 Comment(3)
#kiteCoder can you help me on this problem #65589439Xanthate
aws.amazon.com/about-aws/whats-new/2024/02/…Stacistacia
Cognito docs: docs.aws.amazon.com/cognito/latest/developerguide/…Espouse
The accepted answer is outdated.

Recently AWS has released support for IDP-initiated SAML: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation.html#cognito-user-pools-SAML-session-initiation-idp-initiation

To use IDP-initiated SAML, you simply toggle "Accept SP-initiated and IdP-initiated SAML assertions" in your User Pool config like so:

Accept both SP-initiated and IDP-initiated SAML assertions

To get the SAML IDP-initiated flow to work, you will need to configure the RelayState in the IDP. The relay state should look like this:

identity_provider=<your_cognito_idp>&client_id=<the_cognito_app_client_id>&scope=openid+profile+email+aws.cognito.signin.user.admin&response_type=code&redirect_uri=<your_callback>

When Cognito invokes the callback URI, it will include the authorization code as a URL query param. In your application, you can parse the code out of the URL to get data for the authenticated user.

Cedar answered 13/3 at 18:36 Comment(1)
This AWS Blog article explains it in detail: aws.amazon.com/blogs/security/…Espouse
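The RelayState format and the callback parsing described in the answer above, as an added Python example (not code from the page or from AWS); the provider name, app client id and callback URL are constructed placeholders, and it assumes Cognito reads RelayState as an ordinary query string, so the redirect_uri is percent-encoded.

```python
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values; substitute your own user pool's settings.
COGNITO_IDP_NAME = "MySAMLIdP"        # identity provider name in the user pool (assumed)
APP_CLIENT_ID = "1example23456789"    # user-pool app client id (assumed)
CALLBACK_URL = "https://app.example.com/callback"
SCOPES = ["openid", "profile", "email", "aws.cognito.signin.user.admin"]


def build_relay_state(identity_provider, client_id, redirect_uri, scopes):
    """RelayState value to configure on the IdP (AD FS) for IdP-initiated sign-on.

    urlencode percent-encodes the redirect_uri and turns the space-separated
    scope list into the '+'-separated form shown in the answer.
    """
    return urlencode({
        "identity_provider": identity_provider,
        "client_id": client_id,
        "scope": " ".join(scopes),
        "response_type": "code",
        "redirect_uri": redirect_uri,
    })


def extract_auth_code(callback_url, expected_redirect_uri):
    """Pull the authorization code out of the URL Cognito redirected the browser to.

    Returns None if the URL is not the registered callback (so a code arriving at
    any other location is never exchanged) or if Cognito returned an error instead.
    """
    parsed = urlparse(callback_url)
    base = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if base != expected_redirect_uri:
        return None
    query = parse_qs(parsed.query)
    if "error" in query or "code" not in query:
        return None
    return query["code"][0]


def token_request_body(code, client_id, redirect_uri):
    """Form body for POST https://<your-cognito-domain>/oauth2/token.

    redirect_uri must exactly match the one placed in RelayState, otherwise
    Cognito rejects the exchange.
    """
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,
    }
```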
