Integrate AWS AppStream with Auth0 as SSO IdP
Integrating AWS AppStream 2.0 with Auth0 as a SAML Identity Provider (IdP) requires specific SAML assertion configurations to prevent "401 unsupported authentication mechanism" errors. Developers must create an Auth0 Rule to map the correct assertions to the SAML response.
When an authentication attempt occurs after configuring the default setup, the system returns the following error:
401 unsupported authentication mechanism
- Amazon Web Services (AWS) AppStream
- Single Sign-On (SSO)
- SAML IdP
- Rules
What are the steps to configure Auth0 as a SAML IdP for AWS AppStream?
To configure Auth0 as a SAML IdP for AWS AppStream, set up the external IdP in AWS and attach a specific Auth0 Rule to generate the necessary SAML assertions.
- Follow the AWS documentation "Using Auth0 with AD on Amazon AppStream 2.0" for external SAML IdPs.
- Navigate to the Auth0 dashboard and create a Rule for the AppStream application.
- Follow Step 6 from the AWS guide to create the required assertions for the SAML authentication response.
- Attach the Rule to the AppStream application within Auth0.
NOTE: Skip steps 1 and 7 in the AWS documentation if the environment does not use Microsoft Active Directory.
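A sketch of the kind of Rule the steps above describe, added here as an example; it is not taken from the AWS guide or from Auth0. The application name, both ARNs, the helper `toRoleSessionName` and the persistent NameID format are assumptions, and the attribute set (Role, RoleSessionName) follows AWS's general SAML federation attributes, so check it against Step 6 of the guide.

```javascript
// Added example: an Auth0 Rule that emits the SAML attributes AWS expects.
// APPSTREAM_CLIENT_NAME and both ARNs are placeholders, not values from the page.
const APPSTREAM_CLIENT_NAME = 'AppStream-Example';
const ROLE_ARN = 'arn:aws:iam::111122223333:role/ExampleAppStreamRole';
const PROVIDER_ARN = 'arn:aws:iam::111122223333:saml-provider/ExampleAuth0';
const AWS_ATTR = 'https://aws.amazon.com/SAML/Attributes/';

// AWS accepts RoleSessionName values of 2-64 characters from [A-Za-z0-9_+=,.@-].
// Hypothetical helper: derive a compliant value from the Auth0 profile.
function toRoleSessionName(user) {
  const raw = String(user.email || user.user_id || '');
  const cleaned = raw.replace(/[^\w+=,.@-]/g, '-').slice(0, 64);
  return cleaned.length >= 2 ? cleaned : null;
}

function mapAppStreamSamlAttributes(user, context, callback) {
  // Leave every other application's SAML response untouched.
  if (context.clientName !== APPSTREAM_CLIENT_NAME) {
    return callback(null, user, context);
  }
  const sessionName = toRoleSessionName(user);
  if (!sessionName) {
    // Fail the login rather than send an assertion AWS will reject.
    return callback(new Error('No usable identifier for RoleSessionName'));
  }
  // The Role attribute value is "<role ARN>,<SAML provider ARN>".
  user.awsRole = `${ROLE_ARN},${PROVIDER_ARN}`;
  user.awsRoleSession = sessionName;

  context.samlConfiguration = context.samlConfiguration || {};
  // Assumption: persistent NameID format for the SAML subject.
  context.samlConfiguration.nameIdentifierFormat =
    'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';
  // Map the AWS attribute names to the user properties set above.
  context.samlConfiguration.mappings = {
    [AWS_ATTR + 'Role']: 'awsRole',
    [AWS_ATTR + 'RoleSessionName']: 'awsRoleSession'
  };
  return callback(null, user, context);
}
```

Scoping the Rule to one application and pinning a single role ARN keeps the assertion from granting AWS access through any other Auth0 client.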