I was able to get the integration to work by setting Authorized redirect URLs to localhost:35001 per the AWS VPN client documentation.
Posts made by cnsmith
-
RE: AWS identity provider integration
-
RE: AWS identity provider integration
Proxy logs show the 405 and &userState=AuthenticatedRegistrationNotVerified
-
RE: AWS identity provider integration
FusionAuth prompts the client for their username and password. Upon logging in it redirects me back to the base URL https://auth.<company>.com which throws a 405 status code. Error pasted below. I updated my CORS to allow POST methods and a bunch of headers as well as that URL. Any suggestions?
This page isn’t working
If the problem continues, contact the site owner.
HTTP ERROR 405
-
RE: AWS identity provider integration
@dan I was able to fix that error by making the entity ID urn:amazon:webservices:clientvpn. Seems obvious now.
-
RE: AWS identity provider integration
@dan I do have debugging on but I'm not seeing anything in the logs.
-
RE: AWS identity provider integration
I was able to set up FusionAuth as an AWS IdP. When AWS Client VPN tries to connect it redirects to FusionAuth login, but throws this error. Any suggestions?
{
"code" : "Requester",
"message" : "The AuthnRequest contained an invalid issuer [urn:amazon:webservices:clientvpn] that does not map to an Application in FusionAuth"
}
I would expect FusionAuth to issue a login page where the user would log in, which would then grant access to the VPN.
-
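The issuer error in the post above, and the entity ID and redirect URL settings mentioned in the other posts, are string matches between the AuthnRequest and the IdP-side configuration. As an added example (not from the original posts, FusionAuth or AWS), this Python script decodes a SAMLRequest value and reports what does not match; the sample request, the `http://localhost:35001` ACS value and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_authn_request(b64: str) -> bytes:
    """Decode a SAMLRequest value: raw DEFLATE (HTTP-Redirect) or plain XML (HTTP-POST)."""
    raw = base64.b64decode(b64)
    try:
        return zlib.decompress(raw, -15)  # -15 = raw DEFLATE, no zlib header
    except zlib.error:
        return raw

def check_authn_request(b64, idp_entity_id, idp_redirect_urls):
    """Return a list of mismatches between the request and the IdP-side settings."""
    xml = decode_authn_request(b64)
    # Refuse DTDs before parsing: a SAML message never needs one.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message refused")
    root = ET.fromstring(xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    acs = root.get("AssertionConsumerServiceURL", "")
    problems = []
    if issuer != idp_entity_id:
        problems.append(f"issuer [{issuer}] != configured entity ID [{idp_entity_id}]")
    if acs not in idp_redirect_urls:
        problems.append(f"ACS URL [{acs}] is not an authorized redirect URL")
    return problems

def build_sample_request() -> str:
    """Constructed AuthnRequest (not a captured one), encoded as for HTTP-Redirect."""
    xml = (
        b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
        b'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        b'AssertionConsumerServiceURL="http://localhost:35001">'
        b"<saml:Issuer>urn:amazon:webservices:clientvpn</saml:Issuer>"
        b"</samlp:AuthnRequest>"
    )
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml) + comp.flush()).decode()

if __name__ == "__main__":
    req = build_sample_request()
    # IdP configured with a different entity ID and no redirect URL: both checks fail.
    for line in check_authn_request(req, "https://auth.example.com", []):
        print("MISMATCH:", line)
    # IdP configured with the values from the posts: no mismatches.
    print(check_authn_request(req, "urn:amazon:webservices:clientvpn", ["http://localhost:35001"]))
```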
AWS identity provider integration
Can I point AWS identity provider to FusionAuth? Curious if there are any docs on this if it's possible. I assume it will be SAML? Looks like OpenID is an option as well?
Thanks,
Cory