Sign in to Amazon AWS using SAML protocol and Keycloak as Identity Provider
Georgijs Radovs

Hi all,

I fought today to get this working with AWS and finally managed it. I will leave here the steps I did, as it might help others:

In the client:

Settings -> Name ID Format -> Persistent

Settings -> Include AuthnStatement -> ensure is enabled

Roles -> arn:aws:iam::<account_id>:role/readonlySaml,arn:aws:iam::<account_id>:saml-provider/<iam_saml_name>

Notice the comma in between; it should be role ARN + saml-provider ARN.

Scope -> Full Scope Allowed -> disabled

The remaining steps are the ones in the guide.
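As an added example (not part of the comment above or of the original article), the following script checks a SAML assertion for the things the comment's settings produce: a persistent NameID, an AuthnStatement, and the AWS `Role` attribute carrying exactly one comma-separated "role ARN,saml-provider ARN" pair from the same account. The attribute names `https://aws.amazon.com/SAML/Attributes/Role` and `https://aws.amazon.com/SAML/Attributes/RoleSessionName` are the ones AWS documents for SAML federation; the assertion, the account id `123456789012`, the provider name `keycloak` and the realm URL are constructed sample data.

```python
"""Validate the AWS-specific parts of a SAML assertion emitted by an IdP such as Keycloak.

Added example, not code from the original post or article. It uses the stdlib
XML parser on a constructed sample; for untrusted input in production, parse
with defusedxml instead. Account id, provider name and realm URL below are
placeholders.
"""
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Role names may contain a path; commas are deliberately excluded because AWS
# splits the attribute value on the comma.
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=.@/-]+$")
PROVIDER_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):saml-provider/[\w._-]+$")


def parse_role_pair(value):
    """Split one Role attribute value into (role_arn, provider_arn) or raise ValueError."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        raise ValueError("expected exactly one comma: '<role ARN>,<saml-provider ARN>'")
    role_arn, provider_arn = parts
    m_role = ROLE_ARN_RE.match(role_arn)
    m_prov = PROVIDER_ARN_RE.match(provider_arn)
    if not m_role:
        raise ValueError(f"first element is not a role ARN: {role_arn}")
    if not m_prov:
        raise ValueError(f"second element is not a saml-provider ARN: {provider_arn}")
    if m_role.group(1) != m_prov.group(1):
        raise ValueError("role and saml-provider belong to different accounts")
    return role_arn, provider_arn


def check_assertion(assertion_xml):
    """Return a report dict for an AWS-ready assertion, or raise ValueError."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]

    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("missing NameID")
    if ROLE_ATTR not in attrs:
        raise ValueError("missing Role attribute (check the client's role mapper)")
    if not attrs.get(SESSION_ATTR, [""])[0]:
        raise ValueError("missing RoleSessionName attribute")

    return {
        "name_id_format": name_id.get("Format", ""),
        "has_authn_statement": root.find(".//saml:AuthnStatement", NS) is not None,
        "roles": [parse_role_pair(v) for v in attrs[ROLE_ATTR]],
        "session_name": attrs[SESSION_ATTR][0],
    }


# Constructed sample assertion; all identifiers are placeholders.
GOOD_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://keycloak.example.test/realms/demo</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">G-1234</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z" SessionIndex="s1">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::123456789012:role/readonlySaml,arn:aws:iam::123456789012:saml-provider/keycloak</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
      <saml:AttributeValue>alice</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


if __name__ == "__main__":
    report = check_assertion(GOOD_ASSERTION)
    print("NameID format persistent:", report["name_id_format"] == PERSISTENT)
    print("AuthnStatement present:", report["has_authn_statement"])
    print("roles:", report["roles"])
    # The mistake the comment warns about: role ARN without the provider ARN.
    try:
        parse_role_pair("arn:aws:iam::123456789012:role/readonlySaml")
    except ValueError as exc:
        print("rejected:", exc)
```

Feed it a decoded `SAMLResponse` assertion captured from a browser's developer tools when a login to AWS fails, and the error message points at which of the client settings above is still off.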
