CognitoIdentityProvider / Client / get_signing_certificate
get_signing_certificate#
- CognitoIdentityProvider.Client.get_signing_certificate(**kwargs)#
Given a user pool ID, returns the signing certificate for SAML 2.0 federation.
Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and assigns a new signing certificate annually. This renewal process returns a new value in the response to
GetSigningCertificate
, but doesn’t invalidate the original certificate.For more information, see Signing SAML requests.
Note
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
See also: AWS API Documentation
Request Syntax
response = client.get_signing_certificate( UserPoolId='string' )
- Parameters:
UserPoolId (string) –
[REQUIRED]
The ID of the user pool where you want to view the signing certificate.
- Return type:
dict
- Returns:
Response Syntax
{ 'Certificate': 'string' }
Response Structure
(dict) –
Response from Amazon Cognito for a signing certificate request.
Certificate (string) –
The x.509 certificate that signs SAML 2.0 authentication requests for your user pool.
Exceptions
CognitoIdentityProvider.Client.exceptions.InternalErrorException
CognitoIdentityProvider.Client.exceptions.InvalidParameterException
CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException