< ciso brief />

All news with #federation tag

3 articles

AWS STS Validates Provider Claims for OIDC Roles Now

๐Ÿ” AWS Security Token Service (STS) now validates select identity-provider-specific claims from Google, GitHub, CircleCI, and Oracle Cloud Infrastructure for OIDC federation via the AssumeRoleWithWebIdentity API. You can reference these custom claims as condition keys in IAM role trust policies and resource control policies to enforce finer-grained access control and establish data perimeters. This enhancement builds on IAM's OIDC federation capabilities and is available in all AWS Commercial Regions.

Amazon Cognito adds inbound federation Lambda trigger

๐Ÿ” Amazon Cognito introduces inbound federation Lambda triggers that let you transform and customize federated user attributes during authentication. You can modify responses from external SAML and OIDC providers โ€” adding, overriding, or suppressing attributes โ€” before they are stored in your user pool to avoid issues such as Cognito's 2,048-character limit per attribute. The trigger is available via hosted UI (classic) and managed login in all AWS Regions and is configurable through the Console, CLI, SDKs, CDK, or CloudFormation.

Federated Identity Management: Balancing Security and UX

๐Ÿ” Federated Identity Management (FIM) enables a single authentication to span multiple applications or organizations, letting users sign in once and reuse identity assertions across services. It improves user experience and resilience while introducing architectural complexity, potential vendor lock-in, and additional service costs. Implementations commonly rely on cloud identity providers such as Google, Microsoft, or Okta and use protocols like SAML, OAuth 2.0, and OpenID Connect.