12/14/23 @ 9:57am ET
Root cause analysis as provided by Amazon AWS:
On December 13 at 9:00AM Pacific, Amazon Cognito rolled out a change to improve the reliability of its SAML federation feature. Unfortunately, this change caused a small number of customers to receive authentication errors when trying to log in from a SAML identity provider. The problem was limited to customers who sent login requests with expired SAML X.509 certificates. We have rolled back the change. Cognito’s SAML federation feature is operating normally as of 10:10AM Pacific. We sincerely apologize for the inconvenience.
12/13/23 @ 2:03pm ET
All reported login issues have been resolved. A root cause will be published upon completion.
...