Sentry SAML2 with AWS SSO

Hi,

I am using Sentry 9.0 on-premise with the SAML-2 auth provider.
I am trying to set it up with Amazon’s AWS SSO service.

I created a new Application inside AWS SSO and downloaded the AWS SSO metadata. I pasted this metadata into the “Register Identity Provider” wizard part of Sentry. Everything works fine. But then I notice that AWS requires the following Application metadata:

  • Application ACS URL
  • Application SAML audience

I queried the endpoint “saml/metadata//” and retrieved the ACS URL. However, I do not find the SAML audience.

Does someone know what the audience in this scenario is?
Did someone out here manage to get Sentry’s SAML-2 authentication to work with AWS SSO?

Best Regards,
Martin

Did you solve this problem?
I’m in this case too…

I used the XML from https://sentry.example.com/saml/metadata/{org}/ to use the option “If you have a metadata file, you can upload it now instead.”.

After that, the URL was https://sentry.example.com/saml/metadata/{org}/
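
Added example, not part of the thread: in SAML the audience an IdP writes into an assertion is normally the service provider's `entityID`, which is published in the same metadata document as the ACS URL. This Python example reads both values from a constructed metadata sample; the sample XML, the ACS path in it and the function name `sp_values_for_idp` are assumptions, not Sentry's code.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like SP metadata; not captured from a real Sentry instance.
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sentry.example.com/saml/metadata/{org}/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sentry.example.com/saml/acs/{org}/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
""".strip()


def sp_values_for_idp(metadata_xml: str) -> dict:
    """Return the audience (entityID) and ACS URL an IdP form asks for."""
    # SAML metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected a single EntityDescriptor document")
    entity_id = root.get("entityID")
    sp = root.find("md:SPSSODescriptor", NS)
    if not entity_id or sp is None:
        raise ValueError("metadata does not describe a service provider")
    # Only HTTP-POST endpoints can receive the IdP's signed response form.
    acs = [e for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == HTTP_POST]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService endpoint")
    # Prefer the endpoint flagged isDefault="true", otherwise the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    location = acs[0].get("Location") or ""
    # Assertions are posted to this URL, so it must not be plain HTTP.
    if not location.startswith("https://"):
        raise ValueError("ACS URL is not HTTPS: %r" % location)
    return {"audience": entity_id, "acs_url": location}


if __name__ == "__main__":
    for field, value in sp_values_for_idp(SAMPLE_SP_METADATA).items():
        print(f"{field}: {value}")
```

The audience must match the `entityID` string exactly, including the trailing slash, or the service provider will reject the assertion's audience restriction.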