I am using OKTA to authenticate users, and then I try to use STS to exchange the "access_token" I get from OKTA for AWS credentials.

My code is as follows:

using Amazon;
using Amazon.CognitoIdentity;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

String authenticatedRoleARN = "arn:aws:iam::11111111:role/myapp-dev-ssm-lifecyclehook";
String awsAccountNumber = "22222222";

// Cognito identity pool credentials: no unauthenticated role, one authenticated role
CognitoAWSCredentials cognitoCredentials
    = new CognitoAWSCredentials(awsAccountNumber, "us-east-1:aaa55555-7aaa-4333-9222-4f45555c31b", null, authenticatedRoleARN, RegionEndpoint.USEast1);

// STS client that signs its requests with the Cognito-issued credentials
AmazonSecurityTokenServiceClient securityTokenServiceClient
    = new AmazonSecurityTokenServiceClient(cognitoCredentials);

GetSessionTokenRequest sessionTokenRequest = new GetSessionTokenRequest();
sessionTokenRequest.TokenCode = accessToken;    // this is the access_token received from OKTA when the user is authenticated
sessionTokenRequest.DurationSeconds = 600;

GetSessionTokenResponse sessionTokenResponse = securityTokenServiceClient.GetSessionToken(sessionTokenRequest);

The call to GetSessionToken fails with the error "Unauthenticated access is not supported for this identity pool".

Any ideas what could be causing this and/or what I might be doing wrong?

Thanks!!

0 Answers
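For comparison with the flow in the question, here is an added example (not the asker's code) of obtaining AWS credentials from a Cognito identity pool with the Okta token attached as a login, so that the pool resolves an authenticated identity instead of an unauthenticated one. It assumes the Okta OIDC provider is registered in IAM and attached to the identity pool under the hypothetical provider name `<your-org>.okta.com`, that the token passed is the OIDC ID token the pool is configured to validate, and that the account id, pool id and role ARN placeholders are replaced with real values.

```csharp
using System;
using Amazon;
using Amazon.CognitoIdentity;
using Amazon.Runtime;

public static class OktaToAwsCredentials
{
    // Placeholders (not values from the question): substitute the real account id,
    // identity pool id and authenticated role ARN.
    private const string AwsAccountNumber = "<account-id>";
    private const string IdentityPoolId = "us-east-1:<identity-pool-id>";
    private const string AuthenticatedRoleArn = "arn:aws:iam::<account-id>:role/<authenticated-role>";

    // Assumed: the Okta OIDC provider is registered in IAM and attached to the identity
    // pool; the login key is the provider host exactly as registered there.
    private const string OktaProviderName = "<your-org>.okta.com";

    // Exchanges an Okta OIDC ID token for short-lived AWS credentials scoped to the
    // identity pool's authenticated role.
    public static ImmutableCredentials Exchange(string oktaIdToken)
    {
        if (string.IsNullOrWhiteSpace(oktaIdToken))
            throw new ArgumentException("An Okta ID token is required.", nameof(oktaIdToken));

        var credentials = new CognitoAWSCredentials(
            AwsAccountNumber,
            IdentityPoolId,
            null,                   // no unauthenticated role: the pool only serves logged-in identities
            AuthenticatedRoleArn,
            RegionEndpoint.USEast1);

        // Attach the Okta token as a login. With an empty Logins map the SDK asks Cognito
        // for an unauthenticated identity, which a pool with unauthenticated access
        // disabled rejects.
        credentials.AddLogin(OktaProviderName, oktaIdToken);

        // Cognito validates the token, maps it to an identity id and returns temporary
        // credentials for the authenticated role; no separate STS GetSessionToken call.
        return credentials.GetCredentials();
    }
}
```

The returned ImmutableCredentials (AccessKey, SecretKey, Token) can be passed straight to any AWS service client, and the lifetime and permissions are governed by the authenticated role's policy rather than by a DurationSeconds value set on the client.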