(cognito): Add idpInitiated flag to UserPoolIdentityProviderSaml

[Booligoosh]

Describe the feature

Cognito now supports IdP-initiated SAML auth flows, however it requires an option being set on the User Pool Identity Provider: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-session-initiation.html

The option is available in the AWS console under the "IDP-initiated SAML sign-in" section when editing a SAML identity provider, just under the "Sign-out flow" section.

Use Case

I can't currently enable IdP-initiated auth without using a CFN override:

const cfnSamlProvider = samlProvider.node.defaultChild as cognito.CfnUserPoolIdentityProvider;
cfnSamlProvider.providerDetails.IDPInit = "true";

Proposed Solution

Add a new prop idpInitiated: boolean to UserPoolIdentityProviderSaml that controls whether ProviderDetails.IDPInit is set to "true" or "false".

Other Information

Related to PR #29588 and issue #29494

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.115.0

Environment details (OS name and version, etc.)

Windows 10 Enterprise

[msambol]

@badmintoncryer Do you want to take this and add it to #29588 ?

[badmintoncryer]

@msambol Of course! I can take it.

@Booligoosh If you prefer to create the PR yourself, that's fine too. Which do you want to?

[Booligoosh]

Hi @badmintoncryer, if you're happy to take it, that'd be awesome, cheers!! If you don't want to though, I can do it.

[badmintoncryer]

@Booligoosh Sure! I'll take it😃

[tim-finnigan]

Thank you for the feature request and the PR!