We have a Cognito user pool with customers from a different company. Our application needs to allow users to log in and authorise API calls from our backend. We are looking for a way to federate the Cognito user pool with Keycloak. By default Keycloak supports LDAP and Kerberos. Is it possible to federate with the Cognito user pool?
I am using AWS Cognito User Pools to sign up users. However, my client applications are Okta based. Once the users have signed up and confirmed their email address on Cognito, I would like to be able to log in with their credentials directly in the Okta apps, so that would require creating a user/password also on the Okta app. But that would require some development to take the Cognito credentials and create the Okta user with these credentials.
How can I integrate it directly, so that once the user has confirmed the email, they can automatically log into the Okta app? Also, if I invalidate a user on Cognito, they should no longer have access to Okta apps.
It's not possible. You would need to do it all by hand: creating/modifying users in Okta after you do the same in Cognito.
All Okta - Cognito integrations suppose that you have your applications integrated with Cognito, which is integrated with Okta. Okta is your identity store and all creations/modifications are done there. Cognito only trusts information from Okta and allows users to sign in to applications integrated with it.
I have an Android app and an API secured with Auth0.
I'm developing an app for a new client, who has a large Cognito user pool.
Is it possible to use my current Auth0 setup to log in Cognito users via email/password and receive an Auth0 JWT?
I don't want to create a new Auth0 user for each Cognito user. At least not explicitly.
Thanks
If I understand you correctly, you want to use Auth0 as a service provider and AWS Cognito as an identity provider. In theory, you can use the SAML protocol to achieve that. Try the following:
Configure Auth0 as SAML service provider. https://auth0.com/docs/protocols/saml/saml-sp-generic
Configure AWS Cognito as identity provider: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp-console.html
Then, once you initiate the login flow in Auth0, users will be redirected to AWS Cognito for user authentication. After successful user authentication, AWS should redirect the user to Auth0 with a SAML assertion. At that stage, Auth0 will validate the assertion and will issue a JWT. The user will be redirected to your application with the JWT. Note that if this is the first login, Auth0 will create a user profile.
https://auth0.com/docs/protocols/saml
The following AWS documentation explains how to configure Auth0 as IdP.
https://aws.amazon.com/premiumsupport/knowledge-center/auth0-saml-cognito-user-pool/
We are planning to set up three applications, two of them based on WordPress and the third based on Magento. We will deploy these three apps on AWS. We are looking for a tool to centralize the management of all the users for these three apps. We would grant different privileges and allow different users to have different rights to these three apps. So, should we choose AWS Cognito or SSO?
You can use both if you go the Cognito route. Cognito User Pools handle your user management (registration, login, granting tokens) while Cognito Identity Pools let you use any of the identity providers, including user pools, to exchange tokens for temporary AWS credentials based on the role you have attached to the group of users.
Identity pools also accept SSO with 3rd-party authentication providers (federated identity). You can sign in users on your user pool using social identity providers (Facebook, Google, Amazon) or create one using Auth0.
AWS Cognito is the right fit for your application. AWS SSO is essentially a layer between active directories and services like Cognito or Firebase. AWS SSO helps in delegating access to AWS services and provides SAML/OAuth gateways connected to the active directories.
AWS Cognito on the other hand, allows you to easily integrate your login systems with any auth providers like AWS SSO, Okta, Auth0 and social media channels too. Hence, definitely considering your requirements, AWS Cognito user pool is the best fit.
I want to know the difference between AWS-Cognito and Shibboleth. I am unable to find the difference.
From what I can see, Shibboleth is a general SSO solution. It is comparable with Cognito user pools, which also provide user management services. The main difference between user pools and Shibboleth would be that since user pools are a service offered by AWS, they can be used by other AWS services directly, like API Gateway. IAM can be used to restrict access to signed admin API calls in user pools (e.g. adminInitiateAuth).
Then we have Cognito identity pools. These are used to grant access to AWS resources. You can use various federated identities like Facebook, Amazon, OpenID etc. as well as Cognito user pools to authenticate and request resources. You can also allow unauthenticated users to access resources.
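The two answers above describe identity pools exchanging a user pool token for temporary AWS credentials via a role attached to the user group. The trust policy below is an added example (not from either answer) of what that role should require: it is assumable only through `sts:AssumeRoleWithWebIdentity` from the Cognito identity service, only for one specific identity pool (the `aud` condition; the pool ID is a placeholder), and only for identities that actually authenticated (the `amr` condition). Omitting the `aud` condition would let any identity pool in any account obtain this role, and omitting `amr` would also grant it to unauthenticated guests.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Federated": "cognito-identity.amazonaws.com" },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "<REGION>:<IDENTITY-POOL-ID-PLACEHOLDER>"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}
```

Attach this trust policy to the role mapped to the user pool group; a separate role for guest access would use `"unauthenticated"` as the `amr` value and should carry a much narrower permissions policy.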
I can't see how to authenticate a user using the AWS backend instead of a developer as shown here: http://docs.aws.amazon.com/cognito/latest/developerguide/developer-authenticated-identities.html
I want to login to the user accounts I created in my user pools in the Cognito dashboard. Anyone know how to log into a specific user identity in the Unity SDK?
The link you provided is for developer authenticated identities on Federated Identities, which is different from the user accounts you have created in the User Pools.
In User Pools console you can go to the Users tab and see the user data. If you have created the users, you can use the credentials you set at creation to login to the user account.