Hi Georgijs.
Guilherme Macedo

Hey, Guilherme!

It looks like you’re trying to pass one of the built-in Keycloak roles inside a “Session Role” SAML attribute to AWS.

<saml:Attribute FriendlyName="Session Role" Name="https://aws.amazon.com/SAML/Attributes/Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
  <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">view-profile</saml:AttributeValue>
  <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">arn:aws:iam::REMOVED:saml-provider/key,arn:aws:iam::REMOVED:role/keycloak-role</saml:AttributeValue>
</saml:Attribute>

The Amazon AWS SAML Keycloak client should contain the AWS SAML IAM role, assigned to a user or a user group, and pass it to Amazon AWS.
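A quick way to see the problem described in the reply above before AWS rejects the assertion is to pull every value out of the Role attribute and check that each one is a "<saml-provider ARN>,<role ARN>" pair. The script below is an added example for this thread, not Keycloak's or the author's code; the assertion it parses is constructed for the demo and the account ID 123456789012 is a placeholder for the value the thread redacts as REMOVED. It accepts the provider and role ARNs in either order, and flags a built-in Keycloak role such as view-profile as a value AWS cannot map to a role.

```python
"""Check the values of an AWS SAML Role attribute before sending the assertion to AWS.

Added example for this comment thread; not Keycloak's or the author's code. The
assertion below is constructed for the demo and the account ID 123456789012 is a
placeholder for the value the thread redacts as REMOVED.
"""
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# AWS only maps values of the form "<arn>,<arn>" where one ARN is the IAM SAML
# provider and the other is the IAM role (either order). Commas are left out of
# the name character classes so a value can be split on its single comma.
PROVIDER_ARN = re.compile(r"^arn:aws:iam::\d{12}:saml-provider/[\w+=.@-]+$")
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=.@/-]+$")

# Constructed assertion: one built-in Keycloak role (view-profile) leaked into
# the attribute next to one correctly formed provider/role pair.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute FriendlyName="Session Role"
        Name="https://aws.amazon.com/SAML/Attributes/Role"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>view-profile</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/key,arn:aws:iam::123456789012:role/keycloak-role</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def role_attribute_values(assertion_xml: str) -> list:
    """Return every AttributeValue of the AWS Role attribute, in document order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != AWS_ROLE_ATTR:
            continue
        for val in attr.iterfind("saml:AttributeValue", SAML_NS):
            values.append((val.text or "").strip())
    return values


def parse_role_pair(value: str):
    """Return (provider_arn, role_arn) if `value` is a pair AWS can map, else None."""
    if value.count(",") != 1:
        return None
    left, right = value.split(",")
    if PROVIDER_ARN.match(left) and ROLE_ARN.match(right):
        return left, right
    if ROLE_ARN.match(left) and PROVIDER_ARN.match(right):
        return right, left
    return None


def check_role_attribute(assertion_xml: str) -> dict:
    """Split the Role attribute into pairs AWS can map and values it will reject."""
    accepted, rejected = [], []
    for value in role_attribute_values(assertion_xml):
        pair = parse_role_pair(value)
        if pair:
            accepted.append(pair)
        else:
            rejected.append(value)
    return {"accepted": accepted, "rejected": rejected}


if __name__ == "__main__":
    result = check_role_attribute(SAMPLE_ASSERTION)
    for provider, role in result["accepted"]:
        print(f"ok       {role} via {provider}")
    for value in result["rejected"]:
        print(f"rejected {value!r}: not a '<saml-provider ARN>,<role ARN>' pair")
```

Run it against a decoded SAMLResponse captured from the browser (or from Keycloak's SAML debug logging) and anything that lands in "rejected" is a mapper that still emits Keycloak's own role names instead of the IAM role ARN pair.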

Clapping shows how much you appreciated Georgijs Radovs’s story.