SSO Login issues with Google auth and govcloud

I have tried adjusting this for govcloud, but I cannot get it to work.

I have tried different ways, wiping it out and restarting from scratch, but I keep getting the error.

I keep getting:

Due to the 1 picture per post, and 2 url limit per post, I am unable to add extra details in this post.

Hey @dswettrds, welcome to the QuickSight community!

I’ve never tried to create this setup, but I would recommend trying the setup instructions from the blog below instead. This is specific to GovCloud setups:

Yes, I have had that setup for years and it works fine.
Quicksight though does not.

Configuring it as recommended, using quicksight in govcloud, and sso in us-east-1 I get the HTTP ERROR 405, when it ends at this url, https://us-gov-west-1.quicksight.amazonaws-us-gov.com/sn/auth/signin?enable-sso=1
This is when I am logged into aws sso and click quicksight icon.

If I use the https://us-gov-west-1.quicksight.amazonaws-us-gov.com/sn/auth/signin?enable-sso=1 url to start the process, it ends up with an us-east-1 sso signin error, It’s not you, it’s us, we couldn’t complete your request right now. Please try again later.

I adjusted the IDP URL in quicksight to the correct google saml application spid we use to login to aws sso in us-east-1

It seems the aud isn’t always consistent when it maps the role, in google I have urn:amazon:webservices:govcloud configured. This works fine if I login using the google app icon for the saml app.

If I login via hitting quicksight and it directing me to google for login though, it uses the saml/acs/xxx aud though. (stupid 2 link rule)

So to handle all the cases, I had to configure it like so:

"SAML:aud": [
    "urn:amazon:webservices:govcloud",
    "https://signin.amazonaws-us-gov.com/saml/acs/SAMLXXXXXXXXXX",
    AWS Signin
]
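Added example, not part of the thread: a small Python check that compares a role trust policy's `SAML:aud` condition against the audience values the last post reports for each login flow, to show which flow a single-value condition rejects. The account ID, provider name and flow labels are constructed placeholders, and the check assumes the condition uses `StringEquals` only.

```python
import json

# Constructed trust policy: account ID and provider name are placeholders.
# The single SAML:aud value is the one the post says is configured in Google.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws-us-gov:iam::111122223333:saml-provider/ExamplePlaceholder"},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": "urn:amazon:webservices:govcloud"}}
  }]
}
""")

# Audience values named in the post, one per login flow (labels are assumptions).
OBSERVED = {
    "IdP-initiated (Google app icon)": "urn:amazon:webservices:govcloud",
    "SP-initiated (start at QuickSight)": "https://signin.amazonaws-us-gov.com/saml/acs/SAMLXXXXXXXXXX",
}

def as_list(value):
    """IAM policy JSON allows a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]

def allowed_audiences(policy):
    """Collect SAML:aud values accepted by Allow statements for AssumeRoleWithSAML."""
    allowed = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithSAML" not in as_list(stmt.get("Action", [])):
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive; values are compared exactly.
        for key, value in equals.items():
            if key.lower() == "saml:aud":
                allowed.update(as_list(value))
    return allowed

def rejected_flows(policy, observed):
    """Return the flows whose audience the trust policy would not accept."""
    allowed = allowed_audiences(policy)
    return sorted(flow for flow, aud in observed.items() if aud not in allowed)

if __name__ == "__main__":
    for flow in rejected_flows(TRUST_POLICY, OBSERVED):
        print("not covered by SAML:aud:", flow)
```

Listing each audience explicitly, as the post does, keeps the condition an exact match rather than widening it with a wildcard.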