get_signing_certificate

CognitoIdentityProvider.Client.get_signing_certificate(**kwargs)

Given a user pool ID, returns the signing certificate for SAML 2.0 federation.

Issued certificates are valid for 10 years from the date of issue. Amazon Cognito issues and assigns a new signing certificate annually. This renewal process returns a new value in the response to GetSigningCertificate, but doesn’t invalidate the original certificate.

For more information, see Signing SAML requests.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

See also: AWS API Documentation

Request Syntax

response = client.get_signing_certificate(
    UserPoolId='string'
)

Parameters:

UserPoolId (string) –

[REQUIRED]

The ID of the user pool where you want to view the signing certificate.

Return type:

dict

Returns:

Response Syntax

{
    'Certificate': 'string'
}

Response Structure

  • (dict) –

    Response from Amazon Cognito for a signing certificate request.

    • Certificate (string) –

      The X.509 certificate that signs SAML 2.0 authentication requests for your user pool.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InternalErrorException

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException

  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException
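
Because the annual renewal changes the value that get_signing_certificate returns, a scheduled check can flag when the certificate differs from the ones already registered at the SAML identity provider. The following is an added example, not part of the boto3 documentation; it assumes the Certificate string is base64-encoded DER (PEM armor is tolerated), and check_rotation, cert_fingerprint, StubClient and the pool ID are hypothetical names and values.

```python
import base64
import hashlib
import re

_PEM_ARMOR = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")


def cert_fingerprint(cert_text):
    """Return the SHA-256 fingerprint (hex) of the certificate's DER bytes."""
    # Assumption: the Certificate value is base64-encoded DER, possibly with
    # PEM armor or line breaks; both are stripped before decoding.
    body = "".join(_PEM_ARMOR.sub("", cert_text).split())
    der = base64.b64decode(body, validate=True)
    return hashlib.sha256(der).hexdigest()


def check_rotation(client, user_pool_id, known_fingerprints):
    """Compare the pool's current signing certificate with the fingerprints
    already registered at the SAML identity provider."""
    response = client.get_signing_certificate(UserPoolId=user_pool_id)
    current = cert_fingerprint(response["Certificate"])
    # A new value does not invalidate the earlier certificate; a change means
    # the IdP's list of trusted signing certificates needs review.
    return {"fingerprint": current, "rotated": current not in known_fingerprints}


class StubClient:
    """Hypothetical stand-in for boto3.client('cognito-idp'), for offline runs."""

    def __init__(self, certificate):
        self._certificate = certificate

    def get_signing_certificate(self, UserPoolId):
        return {"Certificate": self._certificate}


if __name__ == "__main__":
    # Constructed bytes, not a real certificate; only the hashing path is shown.
    sample = base64.b64encode(b"constructed-der-bytes").decode()
    baseline = {cert_fingerprint(sample)}
    print(check_rotation(StubClient(sample), "us-east-1_EXAMPLE", baseline))
```

In production, pass boto3.client('cognito-idp') in place of StubClient and store the baseline fingerprints alongside the IdP configuration.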