Amazon Cognito Authentication

Verify and authenticate credentials using Amazon Cognito.

Support is enabled by including the following dependency in the WAR overlay:

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-aws-cognito-authentication</artifactId>
  <version>${cas.version}</version>
</dependency>

Configuration

To see the relevant list of CAS properties, please review this guide.

When you create the app client entry in the Amazon Cognito management console, make sure the app client supports the ADMIN_NO_SRP_AUTH authentication flow and is NOT assigned a secret key.
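The following is an added example, not part of CAS or of the original page. It checks both app client requirements above against the JSON printed by `aws cognito-idp describe-user-pool-client`. The function name `check_app_client` and the sample data are hypothetical, and treating AWS's newer `ALLOW_ADMIN_USER_PASSWORD_AUTH` value as equivalent is an assumption.

```python
import json

# Flow named on this page, plus AWS's newer name for the same app-client
# setting (assumption: either value satisfies the requirement).
ACCEPTED_FLOWS = {"ADMIN_NO_SRP_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH"}


def check_app_client(describe_output: str) -> list:
    """Return the problems found in describe-user-pool-client JSON output."""
    client = json.loads(describe_output).get("UserPoolClient", {})
    name = client.get("ClientName", "<unnamed>")
    problems = []

    flows = set(client.get("ExplicitAuthFlows", []))
    if not flows & ACCEPTED_FLOWS:
        problems.append(
            f"{name}: ADMIN_NO_SRP_AUTH is not enabled "
            f"(found: {sorted(flows) or 'none'})"
        )

    # ClientSecret appears in the output only when a secret was generated.
    # Report its presence, never its value.
    if client.get("ClientSecret"):
        problems.append(f"{name}: app client has a secret key assigned")

    return problems


# Constructed sample outputs, not taken from a real user pool.
GOOD = json.dumps({"UserPoolClient": {
    "ClientName": "cas-login",
    "ClientId": "EXAMPLECLIENTID0000000001",
    "ExplicitAuthFlows": ["ADMIN_NO_SRP_AUTH"],
}})
BAD = json.dumps({"UserPoolClient": {
    "ClientName": "cas-login-misconfigured",
    "ClientId": "EXAMPLECLIENTID0000000002",
    "ClientSecret": "constructed-placeholder-secret",
    "ExplicitAuthFlows": ["USER_PASSWORD_AUTH"],
}})

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        for line in check_app_client(sample) or ["OK"]:
            print(line)
```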

Troubleshooting

To enable additional logging, add the following logger to the log4j configuration file:

...
<AsyncLogger name="com.amazonaws" level="debug" additivity="false">
    <AppenderRef ref="console"/>
    <AppenderRef ref="file"/>
</AsyncLogger>
...