AWS OIDC auth fails when role trust relationship has app_id configured

23 views Asked by At

I'm using AzureAD as my IdP. AWS OIDC authentication is successful if I just have "aud", "sub" checks in my role trust relationship but if I add "app_id" then the AWS OIDC authentication fails. I followed the AWS documentation page (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html).

Please look at the video recording for further details (https://balupublicclouds.blob.core.windows.net/aws-oidc-auth/AWS-OIDC-auth-appId-trustrelation-failure.mp4)

Please find the complete aws cloud formation template used here (https://github.com/aws-cloudformation/cloudformation-cli/files/13302123/OIDCauth-V1-outlook-tenant.txt)

Please let me know if I miss anything.

0

There are 0 answers