Sunday, October 29, 2017

Amazon time for user can access the AWS Management Console not changing


I have a Rails application and I have implemented AWS Cognito for external federated identities; that is working fine.

Now I pass the SAML response to get_credentials_for_identity and I get a valid response, but the credentials I get are valid for 60 minutes only, although I am getting the https://aws.amazon.com/SAML/Attributes/SessionDuration attribute with value 43200 in the SAML response from the external SSO. My question is: what am I doing wrong here? Why are the AWS credentials received not valid for 12 hours as expected?

Part of the SAML response I am getting:

    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/SessionDuration">
        <saml:AttributeValue
            xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">43200
        </saml:AttributeValue>
    </saml:Attribute>

The guide I referred to is http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html

1 Answers


The temporary AWS credentials vended by the Cognito Federated Identity service always expire in 60 minutes. Cognito does not set the AWS session expiry based on the expiry of the SAML assertion or OpenId token.
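As an added example (not part of the original question or answer), the Ruby code below reads the SessionDuration attribute from a SAML assertion and compares it with the expiry actually returned with the credentials, so the application schedules its refresh from the real expiry rather than from the requested value. The helper names `requested_session_duration` and `session_report`, the `refresh_margin` parameter, and the sample assertion are assumptions constructed for illustration; the assertion is assumed to have been signature-validated already.

```ruby
require 'rexml/document'

SESSION_DURATION_ATTR = 'https://aws.amazon.com/SAML/Attributes/SessionDuration'
SAML_NS = { 'saml' => 'urn:oasis:names:tc:SAML:2.0:assertion' }.freeze

# Constructed sample assertion fragment (not taken from a real IdP).
SAMPLE_ASSERTION = <<~XML
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:AttributeStatement>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/SessionDuration">
        <saml:AttributeValue>43200
        </saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
XML

# Hypothetical helper: the SessionDuration the IdP asked for, in seconds,
# or nil when the attribute is absent or empty.
def requested_session_duration(assertion_xml)
  doc = REXML::Document.new(assertion_xml)
  path = "//saml:Attribute[@Name='#{SESSION_DURATION_ATTR}']/saml:AttributeValue"
  text = REXML::XPath.first(doc, path, SAML_NS)&.text&.strip
  text.nil? || text.empty? ? nil : Integer(text, 10)
end

# Hypothetical helper: compares the requested duration with the lifetime
# actually granted. `expiration` is the Time found in the credentials returned
# by get_credentials_for_identity (resp.credentials.expiration in the AWS SDK).
def session_report(assertion_xml, expiration, now: Time.now, refresh_margin: 300)
  requested = requested_session_duration(assertion_xml)
  granted = (expiration - now).round
  {
    requested_seconds: requested,
    granted_seconds: granted,
    honoured: !requested.nil? && granted >= requested,
    # Refresh shortly before the real expiry, whatever the IdP requested.
    refresh_at: expiration - refresh_margin
  }
end
```

When `honoured` is false, as it is for Cognito-vended credentials with a 43200-second request, the caller needs to fetch new credentials at `refresh_at` instead of assuming a 12-hour session.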
