AWS SSO using DAG and AD


We want to use DUE for SSO and MFA authentication to AWS

I used the configuration from your documentation but still, the Saml response is invalid

Duo Protection for Amazon Web Services (AWS) | Duo Security and I followed this

I can sign into Duo just fine and once passed to aws we get an invalid saml response error

Amazon Web Services Sign In

Your request included an invalid SAML response. To logout, click here

Is there any other reason why this might be ?


You can enable debug logging on the Duo Access Gateway and try logging in again, and then examine the output to determine what is incorrect in the SAML assertion.

If this doesn’t help you figure it out, please contact Duo Support and supply the DAG debug output. Please do not post your DAG debug log here as the SAML logging may reveal sensitive information not appropriate for a public forum.