AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A company federates employee access to multiple AWS accounts by using a SAML 2.0 identity provider (IdP). Each account still has the default 1-hour maximum session duration for the IAM roles that employees assume through SAML. Compliance now requires 2-hour sessions, so the IdP was updated to include a DurationSeconds=7200 attribute. Since the change, users receive an AccessDenied error when attempting to sign in. Which action will allow successful federation while meeting the 2-hour session requirement?
Remove any duration attribute so the default 1-hour session length is applied automatically.
Add the parameter --duration-seconds 7200 to all AWS CLI profiles used by the developers.
Rename the attribute in the SAML assertion to SessionDuration and increase each role's Maximum session duration setting to 7,200 seconds.
Keep the DurationSeconds attribute but raise every role's Maximum session duration to 12 hours.
For SAML federation, the IdP must supply the attribute named SessionDuration, not DurationSeconds. The value in that attribute can be any duration up to, but not exceeding, the role's Maximum session duration setting. Because the roles still use the default 1-hour maximum, the 7,200-second request is rejected. Updating each role to allow at least a 2-hour session (7,200 seconds) and sending that value in the SessionDuration attribute lets users obtain the desired 2-hour temporary credentials without violating the compliance limit. Other options either keep the incorrect attribute name, rely on the 1-hour default, or attempt to set the duration from the client side, none of which resolves the authentication failure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a SAML 2.0 identity provider (IdP)?
Open an interactive chat with Bash
What is the purpose of the SessionDuration attribute in SAML assertions?
Open an interactive chat with Bash
How does Maximum session duration in an IAM role affect federated access?
Open an interactive chat with Bash
What is SAML 2.0 and how does it enable federation in AWS?
Open an interactive chat with Bash
What is the role of the 'Maximum session duration' setting in IAM roles?
Open an interactive chat with Bash
Why does changing DurationSeconds to SessionDuration resolve the issue?
Open an interactive chat with Bash
AWS Certified CloudOps Engineer Associate SOA-C03
Security and Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .