How to get SAML Assertion through an API


I am creating an application and want to use Okta as an IdP to login to AWS, I was looking for API’s with which I can get the SAML assertion from Okta.

I have figured out that the Post request “/api/v1/authn” has to be used to get the session token and then a Get request to “/home/[APP_NAME]/[APP_ID]?onetimetoken=[SESSION_TOKEN]” with the session token received from the previous call. Is this the only way to get the SAML Assertion?

Since the second call returns an HTML response and I will have to parse that response in-order to get the SAMLRespone, I am suspecting that we might have some other API of which I am not aware of and which could help me get the SAMLResponse in a better way.

Can somebody help me with this and guide me to the correct API?



I am not sure why you need to parse the response to get the SAML Response?

If Okta is an external IdP to AWS then the SAML Response should be sent directly to AWS either via a http redirect or form_post (which I assume is the HTML you are parsing).

I am parsing the HTML response because the product I am working on does not have any interface, instead it is a simple java program. So in order to get the credential’s from AWS STS, I need to parse the HTML and get the SAML Response which is then sent to STS service to get the temporary credentials.

This is a very unhelpful answer. Nothing gets magically sent to AWS. Some of us are building that very functionality.
I’m dealing with the same issue. I’ve poured over your documentation, and it seems like you authenticate with a REST API and then have to switch over to HTML, mixing two paradigms. That is what has to be parsed, the html. Why isn’t there a json response with saml?

1 Like

Exactly, that’s what I am looking for. Instead of parsing an HTML page, I just want an API which will get me the SAMLResponse.

1 Like

I am also looking saml assertion as a direct response without HTML parsing.