• allows a trusted third party to authenticate users
  • avoids creating and managing users yourself
  • avoids users having multiple IDs; simplifies access control via roles

Standard Web Identity Federation

  • Mobile user authenticates with the Web Identity Provider (WIP)
  • WIP authenticates the identity
  • Mobile user calls AssumeRole with STS via the API
  • STS validates with the WIP and receives a success/failure notification
  • On success, STS verifies the Role Trust policy
  • STS provides temporary access credentials to the mobile user
  • Mobile user uses the temporary credentials to use the service

Cognito

  • identity management and sync service
  • 2 product streams
  • Cognito identity pool – a collection of identities
  • allows 2 roles to be associated: one for authenticated users, the other for unauthenticated users
  • It can
    • orchestrate generation of an unauthenticated identity
    • merge an unauthenticated identity into an authenticated identity
    • merge multiple identities into one object
  • Cognito authenticated flow: Classic (Basic) or Enhanced
  • First step is to log in to the Web Identity Provider; the remaining steps are the same as the unauthenticated flow.
  • In the Enhanced flow, the client communicates with Cognito throughout.
  • Flows: pre-Cognito auth flow, unauthenticated (guest) flow, simple Cognito flow, enhanced Cognito flow.
  • Why and when to use a web identity provider: when you need to publish an app or service to thousands of users.

Cognito Unauthenticated flow:

  • Mobile user creates an unauthenticated identity
  • Cognito returns an OpenID token
  • Mobile user calls AssumeRole with STS
  • STS validates with Cognito
  • STS returns AWS guest credentials
  • Mobile user writes data
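Added example, not from these notes: the "STS verifies the Role Trust policy" step in both flows, modelled for the two-role pattern of a Cognito identity pool. The trust policy is real IAM JSON syntax; the evaluator is a simplified model (only the two condition operators used here), and the pool id and claims are constructed placeholders.

```python
import fnmatch

# Constructed placeholder identity pool id (format is real, value is fake).
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"

# Trust policy of the pool's *authenticated* role: only tokens issued by Cognito
# for this pool, carrying the "authenticated" amr marker, may assume it.
AUTH_ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": POOL_ID},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    }],
}

# Constructed claims as STS would see them after validating the OpenID token
# with Cognito: amr is multi-valued and names the login provider for auth users.
AUTH_CLAIMS = {"cognito-identity.amazonaws.com:aud": POOL_ID,
               "cognito-identity.amazonaws.com:amr": ["authenticated", "accounts.google.com"]}
GUEST_CLAIMS = {"cognito-identity.amazonaws.com:aud": POOL_ID,
                "cognito-identity.amazonaws.com:amr": ["unauthenticated"]}

def _condition_ok(operator, key_values, claims):
    """Simplified model of one IAM condition block against the token claims."""
    for key, wanted in key_values.items():
        have = claims.get(key, [])
        have = [have] if isinstance(have, str) else list(have)
        if operator == "StringEquals":          # single-valued key must match exactly
            if have != [wanted]:
                return False
        elif operator == "ForAnyValue:StringLike":  # any value of a set key may match
            if not any(fnmatch.fnmatchcase(v, wanted) for v in have):
                return False
        else:
            raise ValueError(f"operator not modelled: {operator}")
    return True

def trust_policy_allows(policy, issuer, action, claims):
    """True if some Allow statement's principal, action and conditions all match."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != action:
            continue
        if stmt["Principal"].get("Federated") != issuer:
            continue
        if all(_condition_ok(op, kv, claims) for op, kv in stmt.get("Condition", {}).items()):
            return True
    return False
```

A guest identity is refused the authenticated role even though it comes from the same pool, which is why the unauthenticated flow needs its own role with a trust policy keyed on `unauthenticated`.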