Class CognitoSamlFactory

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
com.cloudforgeci.api.core.annotation.BaseFactory
com.cloudforgeci.api.security.CognitoSamlFactory
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

public class CognitoSamlFactory extends BaseFactory
Cognito SAML Factory for applications requiring SAML authentication.

This factory configures Amazon Cognito User Pool as a SAML 2.0 Identity Provider for applications that need SAML for features like group synchronization (e.g., Mattermost).

Why Cognito SAML over Identity Center SAML:

  • Full API Support: Cognito SAML configuration is fully automatable via the AWS API
  • Attribute Mapping: SAML attribute mappings can be configured programmatically
  • No Console Steps: Unlike Identity Center, no manual console configuration is required

Quick Start:

  {
    "authMode": "application-oidc",
    "oidcProvider": "cognito-saml",
    "cognitoAutoProvision": true,
    "cognitoDomainPrefix": "myapp-auth"
  }

What Gets Created:

  • SAML 2.0 provider configuration on existing Cognito User Pool
  • SAML attribute mappings (email, firstName, lastName, groups)
  • IdP certificate stored in Secrets Manager for application use
  • SAML metadata URL for application auto-configuration

Cognito SAML Endpoints:

  • SSO URL: https://cognito-idp.{region}.amazonaws.com/{userPoolId}/saml2/idp/SSO
  • Metadata: https://cognito-idp.{region}.amazonaws.com/{userPoolId}/saml2/idp/metadata
  • Logout: https://cognito-idp.{region}.amazonaws.com/{userPoolId}/saml2/logout
  • Nested Class Summary

    Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

    software.amazon.jsii.JsiiObject.InitializationMode

    Nested classes/interfaces inherited from interface software.constructs.IConstruct

    software.constructs.IConstruct.Jsii$Default, software.constructs.IConstruct.Jsii$Proxy
  • Field Summary

    Fields inherited from class com.cloudforgeci.api.core.annotation.BaseFactory

    cfc, config, ctx
  • Constructor Summary

    Constructors
    Constructor
    Description
    CognitoSamlFactory(software.constructs.Construct scope, String id)
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    create()
    Abstract method that must be implemented by all factory subclasses.

    Methods inherited from class com.cloudforgeci.api.core.annotation.BaseFactory

    getDeploymentContext, getSecurityProfileConfiguration, getSystemContext

    Methods inherited from class software.constructs.Construct

    getNode, isConstruct, toString

    Methods inherited from class software.amazon.jsii.JsiiObject

    jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface software.amazon.jsii.JsiiSerializable

    $jsii$toJson
  • Constructor Details

    • CognitoSamlFactory

      public CognitoSamlFactory(software.constructs.Construct scope, String id)
  • Method Details

    • create

      public void create()
      Description copied from class: BaseFactory
      Abstract method that must be implemented by all factory subclasses. This method should contain the actual infrastructure creation logic.
      Specified by:
      create in class BaseFactory