SAML Metadata greater than 4,096 bytes
szotrj opened this issue · 4 comments
My SAML metadata is > 4,096 bytes, so it cannot be passed as a parameter. I'm trying to save it as a JSON file on S3 and use a Transform and AWS::Include, but can't get it to work.
AWS' recommendation for large parameter values is "To use a larger parameter value, create multiple parameters and then use Fn::Join to append the multiple values into a single value."
Any other suggestions?
I have the same issue
I can confirm facing the same issue. The template does work after I break the metadata into 4 pieces and join them back with Fn::Join. The pain point is that I have to manually copy each piece into the parameter field. Using the AWS CLI with a parameter file returns the error "Error parsing parameter '--parameters':Expected: '=',received: 'EOF' for input: "
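One way to avoid hand-copying the pieces described in the comment above, shown as an added example that is not part of the original thread: split the metadata on UTF-8 character boundaries into values of at most 4,096 bytes and write them in the JSON list format the AWS CLI accepts for `--parameters file://params.json`. The parameter names (`MetadataPart1`, ...) and the sample metadata are assumptions; the template would need matching parameters joined with Fn::Join and an empty delimiter.

```python
import json

MAX_PARAM_BYTES = 4096  # size limit from the thread for one parameter value


def split_utf8(text, limit=MAX_PARAM_BYTES):
    """Split text into pieces whose UTF-8 encoding is at most `limit` bytes,
    never cutting through a multi-byte character."""
    if limit < 4:
        raise ValueError("limit must hold at least one UTF-8 character")
    data = text.encode("utf-8")
    chunks, start = [], 0
    while start < len(data):
        end = min(start + limit, len(data))
        # Back off while `end` lands on a continuation byte (10xxxxxx).
        while end < len(data) and (data[end] & 0xC0) == 0x80:
            end -= 1
        chunks.append(data[start:end].decode("utf-8"))
        start = end
    return chunks


def build_parameters(metadata_xml, prefix="MetadataPart"):
    """Build the ParameterKey/ParameterValue list for a parameters file.
    `prefix` is a hypothetical parameter name, not one from the template."""
    return [
        {"ParameterKey": f"{prefix}{i}", "ParameterValue": chunk}
        for i, chunk in enumerate(split_utf8(metadata_xml), start=1)
    ]


# Constructed sample: about 10 KB of metadata-like XML with non-ASCII text.
SAMPLE_METADATA = (
    '<EntityDescriptor entityID="https://idp.example.com/">'
    + "<Organization>Beispiel GmbH Zürich</Organization>" * 200
    + "</EntityDescriptor>"
)

if __name__ == "__main__":
    params = build_parameters(SAMPLE_METADATA)
    with open("params.json", "w", encoding="utf-8") as fh:
        json.dump(params, fh)  # non-ASCII is escaped, so the file is pure ASCII
    print(f"wrote {len(params)} parameters to params.json")
```

Because the pieces are cut at arbitrary byte offsets, the stack only sees valid XML after the join, so any check on the metadata belongs after reassembly.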
I have also stumbled upon that; I fixed it by modifying the Lambda function so that it reads the metadata file from S3 storage.

```python
def lambda_handler(event, context):
    bucketName = "<<your bucket name>>"
    objectKey = "metadata.xml"
    # Read the SAML metadata from S3 instead of from the template parameter
    fileObject = s3.Object(bucketName, objectKey)
    provider_xml = fileObject.get()['Body'].read().decode('utf-8')
    #provider_xml = event['ResourceProperties']['Metadata']
```

Ah, remember to add the s3 resource at the top:

```python
import boto3

iam = boto3.client("iam")
s3 = boto3.resource("s3")  # added line
```
My SAML identity provider can be configured by specifying the URL of the SAML metadata, circumventing the need to copy and paste the metadata in the template and the 4k limit at the same time: https://github.com/binxio/cfn-saml-provider