Hi friends, is it possible to have a single AWS Client VPN Endpoint that supports both federated and certificate based authentication? https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_endpoint
We have an AWS Client VPN endpoint set up with federated-authentication; this works well with our SAML IdP. We don't modify the .ovpn at all.
We added support for certificate/mutual-authentication to this same Client VPN endpoint.
On the surface it seems possible, but we are finding that it just ends up using federated-authentication (but now you have to update the .ovpn config with the client cert/key block, otherwise it does not work).
I expected us to be able to authenticate with either our IdP OR by specifying the client cert/key in the .ovpn on a single Client VPN endpoint. Is that assumption wrong?
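For reference, this is the shape of the Terraform resource the question is about with both authentication types declared on one endpoint. It is an added illustration, not the poster's configuration; the ARNs, CIDR and `var.*` names are placeholders, and the certificate/SAML provider resources are assumed to exist elsewhere.

```hcl
# Illustrative aws_ec2_client_vpn_endpoint with two authentication_options blocks.
# All identifiers below are placeholders, not values from the original post.
resource "aws_ec2_client_vpn_endpoint" "example" {
  description            = "client-vpn-saml-plus-mutual"
  server_certificate_arn = var.server_certificate_arn   # ACM server cert (assumed)
  client_cidr_block      = "10.100.0.0/22"               # placeholder client pool
  vpc_id                 = var.vpc_id                    # assumed
  security_group_ids     = var.security_group_ids        # assumed

  # Federated (SAML) authentication against the IdP.
  authentication_options {
    type              = "federated-authentication"
    saml_provider_arn = var.saml_provider_arn            # aws_iam_saml_provider ARN (assumed)
  }

  # Mutual (certificate) authentication; the CA chain lives in ACM.
  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = var.client_root_ca_arn  # assumed ACM CA cert ARN
  }

  connection_log_options {
    enabled = false
  }
}
```

One thing worth checking against this layout: with two authentication_options blocks present, the endpoint evaluates both of them on every connection, which matches the symptom described above (the IdP login still happens, and the .ovpn now also needs the `<cert>`/`<key>` block). If the goal is "cert OR SAML", that is worth confirming in the AWS Client VPN documentation before relying on a single endpoint for it.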