Hi Salient Listener,
Thank you for your detailed review and feedback.
You are right, applications cannot directly authenticate against LDAP. The typical flow for LDAP integration with AWS using federation would be:

a) The application authenticates the user against the on-premises LDAP server.
b) After successful LDAP authentication, the application calls an identity broker/federation proxy.
c) The identity broker authenticates against LDAP again to verify the user’s identity.
d) The identity broker then calls AWS STS AssumeRole* API to get temporary AWS credentials for an IAM role mapped to the user/group.
e) The temporary credentials are passed back to the application, which can then access AWS resources permitted by the assigned IAM role.
With that note, we already made the necessary changes for this question accordingly. It should be reflected as soon as our admin approves the changes.
Thank you once again for helping us improve our content.

Regards,
Neil @ tutorials dojo
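
The broker side of steps (c) to (e) in the reply above, as an added example that is not part of the original post or of any Tutorials Dojo material. The group DNs, account ID, role names, the `issue_credentials` helper and the `FakeSTS` stand-in are assumptions made for illustration; `sts` can be a real `boto3.client("sts")`, whose `assume_role` call takes the same keyword arguments.

```python
import re

# Hypothetical LDAP-group-to-IAM-role mapping; account ID and role names are placeholders.
GROUP_ROLE_MAP = {
    "cn=developers,ou=groups,dc=example,dc=com": "arn:aws:iam::111122223333:role/DevReadOnly",
    "cn=ops,ou=groups,dc=example,dc=com": "arn:aws:iam::111122223333:role/OpsOperator",
}
# Character set and length STS accepts for RoleSessionName.
SESSION_NAME_OK = re.compile(r"^[\w+=,.@-]{2,64}$", re.ASCII)


class BrokerDenied(Exception):
    """Raised when the broker refuses to issue credentials."""


def issue_credentials(username, password, ldap_verify, ldap_groups, sts, duration=900):
    """Steps (c)-(e): re-verify against LDAP, map group to role, call AssumeRole.

    ldap_verify(username, password) -> bool and ldap_groups(username) -> list of
    group DNs are injected callables standing in for the on-premises directory.
    """
    if not SESSION_NAME_OK.match(username):
        raise BrokerDenied("username not usable as RoleSessionName")
    if not ldap_verify(username, password):
        raise BrokerDenied("LDAP authentication failed")
    # First mapped group wins; a user with no mapped group gets no AWS access.
    role_arn = next(
        (GROUP_ROLE_MAP[g] for g in ldap_groups(username) if g in GROUP_ROLE_MAP), None)
    if role_arn is None:
        raise BrokerDenied("no IAM role mapped to the user's groups")
    resp = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName=username,  # shows up in CloudTrail, tying activity to the LDAP user
        DurationSeconds=duration,  # 900 seconds is the shortest lifetime STS allows
    )
    # Only the temporary credentials go back to the application.
    return resp["Credentials"]


class FakeSTS:
    """Constructed stand-in for boto3.client("sts") so the example runs offline."""
    def __init__(self):
        self.calls = []

    def assume_role(self, **kwargs):
        self.calls.append(kwargs)
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "constructed",
                                "SessionToken": "constructed", "Expiration": "constructed"}}
```

The broker's own long-term identity needs only `sts:AssumeRole` on the mapped roles, and each role's trust policy should name that broker principal alone.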