I’m currently working on implementing SAML-based login and API request authorization using AWS API Gateway, Lambda Authorizer, and a Microsoft Identity Provider (IDP). The architecture I’m following involves several steps (refer image below), and I’m seeking clarification on two specific points:
1. Receiving the SAML Token on My Page (Step 3): I’m unclear about how my web page should receive the SAML token. What is the recommended approach for obtaining the SAML token after a successful login? Are there specific API endpoints or protocols involved in this step?
2. Lambda Authorizing the Token with the IDP (Step 6): I’m also seeking guidance on how the Lambda Authorizer should handle the authorization process with the Microsoft IDP. What steps should the Lambda function take to validate and authorize the received SAML token against the IDP?
Any insights, code snippets, or references to relevant documentation would be greatly appreciated. I’m looking forward to a clearer understanding of these specific steps in the SAML-based login and authorization process.
