Data Source: AWS CloudTrail UpdateSAMLProvider

Date: 2025-01-23

ID: e5eb628d-711e-499c-87d9-8fa5dee419ec

Author: Patrick Bareiss, Splunk

Logs an event when a SAML provider is updated in AWS.

Property Value
Source aws_cloudtrail
Sourcetype aws:cloudtrail
Separator eventName
+ Fields 

            1
            _time
          
            3
            action
          
            5
            app
          
            7
            awsRegion
          
            9
            aws_account_id
          
            11
            change_type
          
            13
            command
          
            15
            date_hour
          
            17
            date_mday
          
            19
            date_minute
          
            21
            date_month
          
            23
            date_second
          
            25
            date_wday
          
            27
            date_year
          
            29
            date_zone
          
            31
            dest
          
            33
            dvc
          
            35
            errorCode
          
            37
            eventCategory
          
            39
            eventID
          
            41
            eventName
          
            43
            eventSource
          
            45
            eventTime
          
            47
            eventType
          
            49
            eventVersion
          
            51
            eventtype
          
            53
            host
          
            55
            index
          
            57
            linecount
          
            59
            managementEvent
          
            61
            msg
          
            63
            object_category
          
            65
            product
          
            67
            punct
          
            69
            readOnly
          
            71
            recipientAccountId
          
            73
            region
          
            75
            requestID
          
            77
            requestParameters.sAMLMetadataDocument
          
            79
            requestParameters.sAMLProviderArn
          
            81
            responseElements.sAMLProviderArn
          
            83
            signature
          
            85
            source
          
            87
            sourceIPAddress
          
            89
            sourcetype
          
            91
            splunk_server
          
            93
            src
          
            95
            src_ip
          
            97
            start_time
          
            99
            status
          
            101
            tag
          
            103
            tag::eventtype
          
            105
            timeendpos
          
            107
            timestartpos
          
            109
            user
          
            111
            userAgent
          
            113
            userIdentity.accessKeyId
          
            115
            userIdentity.accountId
          
            117
            userIdentity.arn
          
            119
            userIdentity.principalId
          
            121
            userIdentity.sessionContext.attributes.creationDate
          
            123
            userIdentity.sessionContext.attributes.mfaAuthenticated
          
            125
            userIdentity.sessionContext.sessionIssuer.accountId
          
            127
            userIdentity.sessionContext.sessionIssuer.arn
          
            129
            userIdentity.sessionContext.sessionIssuer.principalId
          
            131
            userIdentity.sessionContext.sessionIssuer.type
          
            133
            userIdentity.sessionContext.sessionIssuer.userName
          
            135
            userIdentity.type
          
            137
            userName
          
            139
            user_access_key
          
            141
            user_agent
          
            143
            user_arn
          
            145
            user_group_id
          
            147
            user_id
          
            149
            user_name
          
            151
            user_type
          
            153
            vendor
          
            155
            vendor_account
          
            157
            vendor_product
          
            159
            vendor_region
          
            161
...
not set
1{"eventVersion": "1.08", "userIdentity": {"type": "AssumedRole", "principalId": "AROAYTOGP2RLKFUVAQAIJ:rodsoto@rodsoto.onmicrosoft.com", "arn": "arn:aws:sts::111111111111:assumed-role/rodonmicrotestrole/rodsoto@rodsoto.onmicrosoft.com", "accountId": "111111111111", "accessKeyId": "ASIAYTOGP2RLMZGPIW6C", "sessionContext": {"sessionIssuer": {"type": "Role", "principalId": "AROAYTOGP2RLKFUVAQAIJ", "arn": "arn:aws:iam::111111111111:role/rodonmicrotestrole", "accountId" : "111111111111", "userName": "rodonmicrotestrole"}, "webIdFederationData": {}, "attributes": {"mfaAuthenticated": "false", "creationDate": "2021-01-20T03:10:32Z"}}}, "eventTime": "2021-01-20T03:12:39Z", "eventSource": "iam.amazonaws.com", "eventName": "UpdateSAMLProvider", "awsRegion": "us-east-1", "sourceIPAddress": "66.176.252.11", "userAgent": "aws-internal/3 aws-sdk-java/1.11.930 Linux/4.9.230-0.1.ac.223.84.332.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.275-b01 java/1.8.0_275 vendor/Oracle_Corporation", "requestParameters": {"sAMLMetadataDocument": "<?xml version=\"1.0\" encoding=\"utf-8\"?><EntityDescriptor ID=\"_6898aaf1-1639-44d4-956b-5bf936af37f1\" entityID=\"https://sts.windows.net/0e8108b1-18e9-41a4-961b-dfcddf92ef08/\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\" /><Reference URI=\"#_6898aaf1-1639-44d4-956b-5bf936af37f1\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" /><Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" /></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><DigestValue>ncp+pf0e75KdoRTy1PQeu74OKXjcVNM+bnT7Ns6cwQI=</DigestValue></Reference></SignedInfo><SignatureValue>J9PRCq201gGMzMtt4Ye+gsM7xOgrNvDg/usqIMvsyUy2r/MeTBz5FKCK+Okjwm49vyTWUoUioYGiwm/TD2Knv59g1zy+/OjZcmBJgDrCmksFJdkwG/fDlOZQNGuj2qh1CEKL5n6Ipy2z1dQ9XUmhhndtXNnjdZ0fJ9QWufWoxveSCLHcU7eUB9obwq96pbAp+6as0XreMNC/xPv5gDdHfKaIppsXtEwcZY7m1c25jDWqPUTQrtbVC0uryffg1Yu0JLTr646GMTzxulBSpQGRfNf5UT0bUiLtKngi++UHrngKdv3ovWwpVmY82JhG7rMDhkuWZu3LdEFvY3svNxGtsQ==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDPzCCAiegAwIBAgIQOpwRqLOiO5dOnZepSd5yJzANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZhZGZzLmF0dGFja3JhbmdlLmxvY2FsMB4XDTIxMDEwNjIyMzAyMloXDTIyMDEwNjIyNTAyMlowITEfMB0GA1UEAwwWYWRmcy5hdHRhY2tyYW5nZS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCwp37iASl3qvAbIyYGI1HOwIlZCAuwLZF+ROf0SVpl+KC19nR+ws7NjacsxsugHMUT1gc9On/l0Jn5pF6VFFcPyPsVvaxLJ+YMY0SBcIHp1iQOKfA2jIFXs4eoLzcrOpX0vqkKsZEPsUAN8tz7OYOPyIP4gylV6hh3nNJXQ2ogeTHXmrpI7wDrAY72g9tDCAitRvAu+nZOLnYaQ3YmnJJGZd+YvmRUd7WAwngYEbJss55ZcL/JU3VJQMJ7OGtjFhjayDT/dUdtvBUqsfF27cArbT5WgGm8WX+WWrJTJgqhQ9YpRUXFajt7Ky5fDLG1cuL6FCHpfrBuRsy7MdY/B+0CAwEAAaNzMHEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZhZGZzLmF0dGFja3JhbmdlLmxvY2FsMB0GA1UdDgQWBBQCPwpG/CPNUFbkjPjBuXJr1AOIdzANBgkqhkiG9w0BAQsFAAOCAQEAlzPZxjHF8tLmpf2KLeu9OlVSdcJ/vER7H/3gZmDEnNET/FHbY20npgiQgyk2XoM9WBe9zsuDcORfhndUnW+NHaAHZfdTvtvq1wPoqnEFdedRKMoXU7DtcHHnK533/4ysdcpI8rMS4Tg/WTmFHmubs0xc1TGHL4nVPC1p7Tz6ijkluHxkZFjf0VER/lc6LBXxhEgPuX+aYFvMq1Ty8dYbYjQ9C1sKWYavOnR11pB3uGTRYaj0FwTGhP/UfpkKuaKRhx0j1Iwe01rNDl1+tWhAwZXGDFFcJMTx/Z+vCcSlijBLeVCP7mmm0QgFn7AWrqhAUKkqfcVVvYLgi+FTcuJuSA==</X509Certificate></X509Data></KeyInfo></Signature><RoleDescriptor xsi:type=\"fed:SecurityTokenServiceType\" protocolSupportEnumeration=\"http://docs.oasis-open.org/wsfed/federation/200706\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:fed=\"http://docs.oasis-open.org/wsfed/federation/200706\"><KeyDescriptor use=\"signing\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data><X509Certificate>MIIDPzCCAiegAwIBAgIQOpwRqLOiO5dOnZepSd5yJzANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZhZGZzLmF0dGFja3JhbmdlLmxvY2FsMB4XDTIxMDEwNjIyMzAyMloXDTIyMDEwNjIyNTAyMlowITEfMB0GA1UEAwwWYWRmcy5hdHRhY2tyYW5nZS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCwp37iASl3qvAbIyYGI1HOwIlZCAuwLZF+ROf0SVpl+KC19nR+ws7NjacsxsugHMUT1gc9On/l0Jn5pF6VFFcPyPsVvaxLJ+YMY0SBcIHp1iQOKfA2jIFXs4eoLzcrOpX0vqkKsZEPsUAN8tz7OYOPyIP4gylV6hh3nNJXQ2ogeTHXmrpI7wDrAY72g9tDCAitRvAu+nZOLnYaQ3YmnJJGZd+YvmRUd7WAwngYEbJss55ZcL/JU3VJQMJ7OGtjFhjayDT/dUdtvBUqsfF27cArbT5WgGm8WX+WWrJTJgqhQ9YpRUXFajt7Ky5fDLG1cuL6FCHpfrBuRsy7MdY/B+0CAwEAAaNzMHEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZhZGZzLmF0dGFja3JhbmdlLmxvY2FsMB0GA1UdDgQWBBQCPwpG/CPNUFbkjPjBuXJr1AOIdzANBgkqhkiG9w0BAQsFAAOCAQEAlzPZxjHF8tLmpf2KLeu9OlVSdcJ/vER7H/3gZmDEnNET/FHbY20npgiQgyk2XoM9WBe9zsuDcORfhndUnW+NHaAHZfdTvtvq1wPoqnEFdedRKMoXU7DtcHHnK533/4ysdcpI8rMS4Tg/WTmFHmubs0xc1TGHL4nVPC1p7Tz6ijkluHxkZFjf0VER/lc6LBXxhEgPuX+aYFvMq1Ty8dYbYjQ9C1sKWYavOnR11pB3uGTRYaj0FwTGhP/UfpkKuaKRhx0j1Iwe01rNDl1+tWhAwZXGDFFcJMTx/Z+vCcSlijBLeVCP7mmm0QgFn7AWrqhAUKkqfcVVvYLgi+FTcuJuSA==</X509Certificate></X509Data></KeyInfo></KeyDescriptor><KeyDescriptor use=\"signing\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQMN9XaFEOfIpMuOqq+1JFzzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMTAxMTcxODU2MTZaFw0yNDAxMTcyMTU2MTRaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GO3vs2HPr+EXEVnWNRDOIjxS5tP2i9xq/399CAl/sWSbJkooGjcCKWf0DN1cGbbbrzL/V+Hor/htEFBpsbUsL8NbaE5pZOnH3oWquiHFiMs1t3Dh4dSVViKyMgIx/i5j4qUW74fYHvgead3kTIV7oSIYHXPNSF6SGLR8qWgRSCLre5P80PnzQmFoI1MbfJbJWf4rWBRVylJaamRFi8X/9byGAQKNYtrjnxCPtdvqUG03EMvwrUCTOM49qnuUhHUCtrIk8MQ1/xzHePkWT3OXmfCi0ABDFAnb9GH763rLlrawVaZKMzmICQ/Rts3+NUm0urSbPlUq1+IfbCsRCwz/QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA+ZOJcY1oGsj/LLa0KLhlUolA7dojhwDtZFPRInLcyBQ6G2fkEZr7jdgY0vg8X86vFCw2JLIC5UmUrXsC1YGxD0kzdMAqr06uVOxGKD/QCRKfes3AYqv/axoJpSm1uZP2066816bYIpOMjcc5yQaEzFh6Y2d5Ovd+DJ/BLVmTFuKs9p9q5JCpOQQT73c0actHdXsjZeM0iHbuWtQOu6LHJuQRbl7BCdKblLvpnoF7DrAHLq1xArcSUEuXa590aga7Ld9P/6BrTQ26QdGGfmJlRiaWh5iu22lbI169NlFd+EmgXIFWK0Qu6i7zyNkGTTA2GOOG9Z/vNIGKRxmV4l7KN</X509Certificate></X509Data></KeyInfo></KeyDescriptor><fed:ClaimTypesOffered><auth:ClaimType Uri=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Name</auth:DisplayName><auth:Description>The mutable display name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Subject</auth:DisplayName><auth:Description>An immutable, globally unique, non-reusable identifier of the user that is unique to the application for which a token is issued.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Given Name</auth:DisplayName><auth:Description>First name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Surname</auth:DisplayName><auth:Description>Last name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/identity/claims/displayname\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Display Name</auth:DisplayName><auth:Description>Display name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/identity/claims/nickname\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Nick Name</auth:DisplayName><auth:Description>Nick name of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Authentication Instant</auth:DisplayName><auth:Description>The time (UTC) when the user is authenticated to Windows Azure Active Directory.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Authentication Method</auth:DisplayName><auth:Description>The method that Windows Azure Active Directory uses to authenticate users.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/identity/claims/objectidentifier\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>ObjectIdentifier</auth:DisplayName><auth:Description>Primary identifier for the user in the directory. Immutable, globally unique, non-reusable.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/identity/claims/tenantid\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>TenantId</auth:DisplayName><auth:Description>Identifier for the user's tenant.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/identity/claims/identityprovider\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>IdentityProvider</auth:DisplayName><auth:Description>Identity provider for the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Email</auth:DisplayName><auth:Description>Email address of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/ws/2008/06/identity/claims/groups\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Groups</auth:DisplayName><auth:Description>Groups of the user.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/identity/claims/accesstoken\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>External Access Token</auth:DisplayName><auth:Description>Access token issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>External Access Token Expiration</auth:DisplayName><auth:Description>UTC expiration time of access token issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/identity/claims/openid2_id\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>External OpenID 2.0 Identifier</auth:DisplayName><auth:Description>OpenID 2.0 identifier issued by external identity provider.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/claims/groups.link\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>GroupsOverageClaim</auth:DisplayName><auth:Description>Issued when number of user's group claims exceeds return limit.</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/ws/2008/06/identity/claims/role\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>Role Claim</auth:DisplayName><auth:Description>Roles that the user or Service Principal is attached to</auth:Description></auth:ClaimType><auth:ClaimType Uri=\"http://schemas.microsoft.com/ws/2008/06/identity/claims/wids\" xmlns:auth=\"http://docs.oasis-open.org/wsfed/authorization/200706\"><auth:DisplayName>RoleTemplate Id Claim</auth:DisplayName><auth:Description>Role template id of the Built-in Directory Roles that the user is a member of</auth:Description></auth:ClaimType></fed:ClaimTypesOffered><fed:SecurityTokenServiceEndpoint><wsa:EndpointReference xmlns:wsa=\"http://www.w3.org/2005/08/addressing\"><wsa:Address>https://login.microsoftonline.com/0e8108b1-18e9-41a4-961b-dfcddf92ef08/wsfed</wsa:Address></wsa:EndpointReference></fed:SecurityTokenServiceEndpoint><fed:PassiveRequestorEndpoint><wsa:EndpointReference xmlns:wsa=\"http://www.w3.org/2005/08/addressing\"><wsa:Address>https://login.microsoftonline.com/0e8108b1-18e9-41a4-961b-dfcddf92ef08/wsfed</wsa:Address></wsa:EndpointReference></fed:PassiveRequestorEndpoint></RoleDescriptor><RoleDescriptor xsi:type=\"fed:ApplicationServiceType\" protocolSupportEnumeration=\"http://docs.oasis-open.org/wsfed/federation/200706\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:fed=\"http://docs.oasis-open.org/wsfed/federation/200706\"><KeyDescriptor use=\"signing\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data><X509Certificate>MIIDPzCCAiegAwIBAgIQOpwRqLOiO5dOnZepSd5yJzANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZhZGZzLmF0dGFja3JhbmdlLmxvY2FsMB4XDTIxMDEwNjIyMzAyMloXDTIyMDEwNjIyNTAyMlowITEfMB0GA1UEAwwWYWRmcy5hdHRhY2tyYW5nZS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCwp37iASl3qvAbIyYGI1HOwIlZCAuwLZF+ROf0SVpl+KC19nR+ws7NjacsxsugHMUT1gc9On/l0Jn5pF6VFFcPyPsVvaxLJ+YMY0SBcIHp1iQOKfA2jIFXs4eoLzcrOpX0vqkKsZEPsUAN8tz7OYOPyIP4gylV6hh3nNJXQ2ogeTHXmrpI7wDrAY72g9tDCAitRvAu+nZOLnYaQ3YmnJJGZd+YvmRUd7WAwngYEbJss55ZcL/JU3VJQMJ7OGtjFhjayDT/dUdtvBUqsfF27cArbT5WgGm8WX+WWrJTJgqhQ9YpRUXFajt7Ky5fDLG1cuL6FCHpfrBuRsy7MdY/B+0CAwEAAaNzMHEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZhZGZzLmF0dGFja3JhbmdlLmxvY2FsMB0GA1UdDgQWBBQCPwpG/CPNUFbkjPjBuXJr1AOIdzANBgkqhkiG9w0BAQsFAAOCAQEAlzPZxjHF8tLmpf2KLeu9OlVSdcJ/vER7H/3gZmDEnNET/FHbY20npgiQgyk2XoM9WBe9zsuDcORfhndUnW+NHaAHZfdTvtvq1wPoqnEFdedRKMoXU7DtcHHnK533/4ysdcpI8rMS4Tg/WTmFHmubs0xc1TGHL4nVPC1p7Tz6ijkluHxkZFjf0VER/lc6LBXxhEgPuX+aYFvMq1Ty8dYbYjQ9C1sKWYavOnR11pB3uGTRYaj0FwTGhP/UfpkKuaKRhx0j1Iwe01rNDl1+tWhAwZXGDFFcJMTx/Z+vCcSlijBLeVCP7mmm0QgFn7AWrqhAUKkqfcVVvYLgi+FTcuJuSA==</X509Certificate></X509Data></KeyInfo></KeyDescriptor><KeyDescriptor use=\"signing\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQMN9XaFEOfIpMuOqq+1JFzzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMTAxMTcxODU2MTZaFw0yNDAxMTcyMTU2MTRaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GO3vs2HPr+EXEVnWNRDOIjxS5tP2i9xq/399CAl/sWSbJkooGjcCKWf0DN1cGbbbrzL/V+Hor/htEFBpsbUsL8NbaE5pZOnH3oWquiHFiMs1t3Dh4dSVViKyMgIx/i5j4qUW74fYHvgead3kTIV7oSIYHXPNSF6SGLR8qWgRSCLre5P80PnzQmFoI1MbfJbJWf4rWBRVylJaamRFi8X/9byGAQKNYtrjnxCPtdvqUG03EMvwrUCTOM49qnuUhHUCtrIk8MQ1/xzHePkWT3OXmfCi0ABDFAnb9GH763rLlrawVaZKMzmICQ/Rts3+NUm0urSbPlUq1+IfbCsRCwz/QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA+ZOJcY1oGsj/LLa0KLhlUolA7dojhwDtZFPRInLcyBQ6G2fkEZr7jdgY0vg8X86vFCw2JLIC5UmUrXsC1YGxD0kzdMAqr06uVOxGKD/QCRKfes3AYqv/axoJpSm1uZP2066816bYIpOMjcc5yQaEzFh6Y2d5Ovd+DJ/BLVmTFuKs9p9q5JCpOQQT73c0actHdXsjZeM0iHbuWtQOu6LHJuQRbl7BCdKblLvpnoF7DrAHLq1xArcSUEuXa590aga7Ld9P/6BrTQ26QdGGfmJlRiaWh5iu22lbI169NlFd+EmgXIFWK0Qu6i7zyNkGTTA2GOOG9Z/vNIGKRxmV4l7KN</X509Certificate></X509Data></KeyInfo></KeyDescriptor><fed:TargetScopes><wsa:EndpointReference xmlns:wsa=\"http://www.w3.org/2005/08/addressing\"><wsa:Address>https://sts.windows.net/0e8108b1-18e9-41a4-961b-dfcddf92ef08/</wsa:Address></wsa:EndpointReference></fed:TargetScopes><fed:ApplicationServiceEndpoint><wsa:EndpointReference xmlns:wsa=\"http://www.w3.org/2005/08/addressing\"><wsa:Address>https://login.microsoftonline.com/0e8108b1-18e9-41a4-961b-dfcddf92ef08/wsfed</wsa:Address></wsa:EndpointReference></fed:ApplicationServiceEndpoint><fed:PassiveRequestorEndpoint><wsa:EndpointReference xmlns:wsa=\"http://www.w3.org/2005/08/addressing\"><wsa:Address>https://login.microsoftonline.com/0e8108b1-18e9-41a4-961b-dfcddf92ef08/wsfed</wsa:Address></wsa:EndpointReference></fed:PassiveRequestorEndpoint></RoleDescriptor><IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><KeyDescriptor use=\"signing\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data><X509Certificate>MIIDPzCCAiegAwIBAgIQOpwRqLOiO5dOnZepSd5yJzANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZhZGZzLmF0dGFja3JhbmdlLmxvY2FsMB4XDTIxMDEwNjIyMzAyMloXDTIyMDEwNjIyNTAyMlowITEfMB0GA1UEAwwWYWRmcy5hdHRhY2tyYW5nZS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCwp37iASl3qvAbIyYGI1HOwIlZCAuwLZF+ROf0SVpl+KC19nR+ws7NjacsxsugHMUT1gc9On/l0Jn5pF6VFFcPyPsVvaxLJ+YMY0SBcIHp1iQOKfA2jIFXs4eoLzcrOpX0vqkKsZEPsUAN8tz7OYOPyIP4gylV6hh3nNJXQ2ogeTHXmrpI7wDrAY72g9tDCAitRvAu+nZOLnYaQ3YmnJJGZd+YvmRUd7WAwngYEbJss55ZcL/JU3VJQMJ7OGtjFhjayDT/dUdtvBUqsfF27cArbT5WgGm8WX+WWrJTJgqhQ9YpRUXFajt7Ky5fDLG1cuL6FCHpfrBuRsy7MdY/B+0CAwEAAaNzMHEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZhZGZzLmF0dGFja3JhbmdlLmxvY2FsMB0GA1UdDgQWBBQCPwpG/CPNUFbkjPjBuXJr1AOIdzANBgkqhkiG9w0BAQsFAAOCAQEAlzPZxjHF8tLmpf2KLeu9OlVSdcJ/vER7H/3gZmDEnNET/FHbY20npgiQgyk2XoM9WBe9zsuDcORfhndUnW+NHaAHZfdTvtvq1wPoqnEFdedRKMoXU7DtcHHnK533/4ysdcpI8rMS4Tg/WTmFHmubs0xc1TGHL4nVPC1p7Tz6ijkluHxkZFjf0VER/lc6LBXxhEgPuX+aYFvMq1Ty8dYbYjQ9C1sKWYavOnR11pB3uGTRYaj0FwTGhP/UfpkKuaKRhx0j1Iwe01rNDl1+tWhAwZXGDFFcJMTx/Z+vCcSlijBLeVCP7mmm0QgFn7AWrqhAUKkqfcVVvYLgi+FTcuJuSA==</X509Certificate></X509Data></KeyInfo></KeyDescriptor><KeyDescriptor use=\"signing\"><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQMN9XaFEOfIpMuOqq+1JFzzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMTAxMTcxODU2MTZaFw0yNDAxMTcyMTU2MTRaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GO3vs2HPr+EXEVnWNRDOIjxS5tP2i9xq/399CAl/sWSbJkooGjcCKWf0DN1cGbbbrzL/V+Hor/htEFBpsbUsL8NbaE5pZOnH3oWquiHFiMs1t3Dh4dSVViKyMgIx/i5j4qUW74fYHvgead3kTIV7oSIYHXPNSF6SGLR8qWgRSCLre5P80PnzQmFoI1MbfJbJWf4rWBRVylJaamRFi8X/9byGAQKNYtrjnxCPtdvqUG03EMvwrUCTOM49qnuUhHUCtrIk8MQ1/xzHePkWT3OXmfCi0ABDFAnb9GH763rLlrawVaZKMzmICQ/Rts3+NUm0urSbPlUq1+IfbCsRCwz/QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA+ZOJcY1oGsj/LLa0KLhlUolA7dojhwDtZFPRInLcyBQ6G2fkEZr7jdgY0vg8X86vFCw2JLIC5UmUrXsC1YGxD0kzdMAqr06uVOxGKD/QCRKfes3AYqv/axoJpSm1uZP2066816bYIpOMjcc5yQaEzFh6Y2d5Ovd+DJ/BLVmTFuKs9p9q5JCpOQQT73c0actHdXsjZeM0iHbuWtQOu6LHJuQRbl7BCdKblLvpnoF7DrAHLq1xArcSUEuXa590aga7Ld9P/6BrTQ26QdGGfmJlRiaWh5iu22lbI169NlFd+EmgXIFWK0Qu6i7zyNkGTTA2GOOG9Z/vNIGKRxmV4l7KN</X509Certificate></X509Data></KeyInfo></KeyDescriptor><SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://login.microsoftonline.com/0e8108b1-18e9-41a4-961b-dfcddf92ef08/saml2\" /><SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://login.microsoftonline.com/0e8108b1-18e9-41a4-961b-dfcddf92ef08/saml2\" /><SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://login.microsoftonline.com/0e8108b1-18e9-41a4-961b-dfcddf92ef08/saml2\" /></IDPSSODescriptor></EntityDescriptor>", "sAMLProviderArn": "arn:aws:iam::111111111111:saml-provider/rodsotoonmicrosoft"}, "responseElements": {"sAMLProviderArn": "arn:aws:iam::111111111111:saml-provider/rodsotoonmicrosoft"}, "requestID": "83d621ad-5b33-4ff0-acf4-0043cb432844", "eventID": "51b6d859-0cc4-4591-ba76-3494f3f43832", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "eventCategory": "Management", "recipientAccountId": "111111111111"}

Source: GitHub | Version: 2