A solutions architect has implemented a SAML 2.0 federated identity solution with their company's on-premises identity provider (IdP) to authenticate users' access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted. However, when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment. Which items should the solutions architect check to ensure identity federation is properly configured? (Choose three.)
A) The IAM user's permissions policy has allowed the use of SAML federation for that user.
B) The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal.
C) Test users are not in the AWSFederatedUsers group in the company's IdP.
D) The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from the IdP.
E) The on-premises IdP's DNS hostname is reachable from the AWS environment VPCs.
F) The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.
Correct Answer:
Verified