Provide support in CDK for Cognito SAML signing and encryption #29494

rcoundon · 2024-03-14T22:06:39Z

Describe the feature

With this announcement Cognito began to support Cognito SAML signing and encryption.
However, this isn't yet available in Cloudformation or CDK

Use Case

If I do set these values in the console, each deployment that makes a change to the UserPoolIdentityProviderSaml resets the options back to false so we can’t really use the feature without remembering to reset it manually after each deployment.

Proposed Solution

Provide flags in UserPoolIdentityProviderSaml to enable these features

Other Information

No response

Acknowledgements

I may be able to implement this feature request
This feature might incur a breaking change

CDK version used

2.132.1

Environment details (OS name and version, etc.)

TypeScript CDK

The text was updated successfully, but these errors were encountered:

tim-finnigan · 2024-03-15T18:04:02Z

Thanks for the feature request - it looks like this is supported in CloudFormation, saw a recent issue in the coverage roadmap repository: aws-cloudformation/cloudformation-coverage-roadmap#1963.

Documentation for reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#cfn-cognito-userpoolidentityprovider-providerdetails

rcoundon · 2024-03-15T22:09:18Z

Great - I didn't find that documentation when I looked. I'm not too familiar with using the Cfn constructs in CDK and with ProviderDetails being typed as any I overlooked it. Thanks, this gets me what I need and I'll update when the CDK specific construct gets updated.

…Saml` (#29588) ### Issue # (if applicable) Closes #29494. Closes #29598. #29598 is really close issue and I tried to resolve it in this PR. If it is not good to resolve multiple issues in 1 PR, I would separate this PR. ### Reason for this change [`UserPoolIdentityProviderSaml` can configure `ProviderDetails`](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#aws-resource-cognito-userpoolidentityprovider-properties) but there are some items that is not configurable from AWS CDK. - `EncryptedResponses` - `RequestSigningAlgorithm` - `IDPInit` ### Description of changes Add 3 properties to `UserPoolIdentityProviderSamlProps`. - `encryptedResponses` - `requestSigningAlgorithm` - `idpInitiated` ### Description of how you validated changes Added both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2024-04-17T22:07:08Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

rcoundon added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Mar 14, 2024

github-actions bot added the @aws-cdk/aws-cognito Related to Amazon Cognito label Mar 14, 2024

tim-finnigan self-assigned this Mar 15, 2024

tim-finnigan added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Mar 15, 2024

tim-finnigan added p2 effort/medium Medium work item – several days of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Mar 15, 2024

tim-finnigan removed their assignment Mar 15, 2024

github-actions bot mentioned this issue Mar 18, 2024

Weekly issue metrics report #29526

Closed

badmintoncryer mentioned this issue Mar 23, 2024

feat(cognito): support provider details for UserPoolIdentityProviderSaml #29588

Merged

1 task

Booligoosh mentioned this issue Mar 25, 2024

(cognito): Add idpInitiated flag to UserPoolIdentityProviderSaml #29598

Closed

2 tasks

github-actions bot mentioned this issue Apr 1, 2024

Monthly issue metrics report #29667

Closed

mergify bot closed this as completed in #29588 Apr 17, 2024

This was referenced May 23, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#98

Open

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#99

Open

rwlxxvii mentioned this issue May 27, 2024

[Snyk] Upgrade aws-cdk-lib from 2.136.1 to 2.140.0 rwlxxvii/containers#124

Merged

NOUIY mentioned this issue May 30, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#101

Open

NOUIY mentioned this issue Jun 7, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#102

Open

niravparikh05 mentioned this issue Jun 13, 2024

[Snyk] Upgrade aws-cdk from 2.65.0 to 2.142.1 paralus/eks-blueprints-addon#3

Open

NOUIY mentioned this issue Jun 14, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#103

Open

snyk-io bot mentioned this issue Jun 20, 2024

[Snyk] Upgrade aws-cdk-lib from 2.138.0 to 2.143.1 Opetushallitus/heratepalvelu#280

Open

This was referenced Jun 20, 2024

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#104

Open

[Snyk] Upgrade: , aws-cdk NOUIY/aws-solutions-constructs#105

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provide support in CDK for Cognito SAML signing and encryption #29494

Provide support in CDK for Cognito SAML signing and encryption #29494

rcoundon commented Mar 14, 2024

tim-finnigan commented Mar 15, 2024

rcoundon commented Mar 15, 2024

github-actions bot commented Apr 17, 2024