SAML Metadata greater than 4,096 bytes #2

Open
szotrj opened this issue Dec 29, 2017 · 4 comments

szotrj commented Dec 29, 2017

My SAML metadata is > 4,096 bytes, so it cannot be passed as a parameter. I'm trying to save it as a JSON file on S3 and use a Transform and AWS::Include, but can't get it to work.
AWS' recommendation for large parameter values is "To use a larger parameter value, create multiple parameters and then use Fn::Join to append the multiple values into a single value."
Any other suggestions?

ghost commented Jan 8, 2018

I have the same issue

@tomkingchen

I can confirm facing the same issue. The template does work after I break the metadata into 4 pieces and join them back with Fn::Join. The pain point is that I have to manually copy each piece into the parameter field. Using the AWS CLI with a parameter file returns the error "Error parsing parameter '--parameters':Expected: '=',received: 'EOF' for input: "
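
An added example, not part of the original thread: a Python helper that splits a metadata document into pieces of at most 4,096 UTF-8 bytes and builds the JSON list the AWS CLI accepts through `--parameters file://params.json`, so the pieces do not have to be pasted by hand. The parameter names `MetadataPart1` to `MetadataPart4`, the count of four, and a template that rejoins them with Fn::Join and an empty delimiter are assumptions.

```python
import json

CFN_PARAM_LIMIT = 4096  # per-parameter size limit from the issue, in bytes


def split_utf8(text, limit=CFN_PARAM_LIMIT):
    """Split text into pieces of at most `limit` UTF-8 bytes, never mid-character."""
    if limit < 4:
        raise ValueError("limit must fit one UTF-8 character (4 bytes)")
    data = text.encode("utf-8")
    pieces, start = [], 0
    while start < len(data):
        end = min(start + limit, len(data))
        # Back up while the cut would land on a continuation byte (0b10xxxxxx).
        while end < len(data) and (data[end] & 0xC0) == 0x80:
            end -= 1
        pieces.append(data[start:end].decode("utf-8"))
        start = end
    return pieces


def build_parameters(metadata_xml, prefix="MetadataPart", declared=4):
    """Build the JSON structure for `--parameters file://params.json`."""
    pieces = split_utf8(metadata_xml)
    if len(pieces) > declared:
        raise ValueError(f"need {len(pieces)} parameters, template declares {declared}")
    # Pad with empty strings so every declared (hypothetical) parameter gets a value.
    pieces += [""] * (declared - len(pieces))
    # The joined value must be identical to what the identity provider published.
    if "".join(pieces) != metadata_xml:
        raise RuntimeError("rejoined pieces differ from the original metadata")
    return [{"ParameterKey": f"{prefix}{i}", "ParameterValue": piece}
            for i, piece in enumerate(pieces, start=1)]


if __name__ == "__main__":
    # Constructed sample, not real IdP metadata; the 'é' forces multi-byte handling.
    sample = "<m>" + "é" * 5000 + "</m>"
    params = build_parameters(sample)
    print([len(p["ParameterValue"].encode("utf-8")) for p in params])
    with open("params.json", "w", encoding="utf-8") as fh:
        json.dump(params, fh, ensure_ascii=False)
```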

michaelpan1 commented Jan 16, 2019

I have also stumbled upon that, and fixed it by modifying the Lambda function so that it reads the metadata file from S3 storage.

          def lambda_handler(event, context):
            # Read the SAML metadata from S3 instead of the size-limited parameter
            bucketName = "<<your bucket name>>"
            objectKey = "metadata.xml"
            fileObject = s3.Object(bucketName, objectKey)
            provider_xml = fileObject.get()['Body'].read().decode('utf-8')
            #provider_xml = event['ResourceProperties']['Metadata']

And remember to add the s3 resource at the top:

          iam = boto3.client("iam")
          s3 = boto3.resource("s3")

@mvanholsteijn

My SAML identity provider can be configured by specifying the URL of the SAML metadata, circumventing the need to copy&paste the metadata in the template and the 4k limit at the same time -> https://github.com/binxio/cfn-saml-provider
