Q287.A solutions architect has implemented a SAML 2.0 federated identity solution with their company' s on-premises identity provider (ldP) to authenticate users' access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal access to the AWS environment is granted. However when test users attempt to authenticate through the federated identity web portal they are not able to access the AWS environment.Which items should the solutions architect check to ensure identity federation is properly configured? (Select THREE.)
A.The lAM user's permissions policy has allowed the use of SAML federation for that user. B.The lAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal. C.Test users are not in the AWSFederatedUsers group in the company's ldP. D.The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider the ARN of the lAM role and the SAML assertion from idP. E.The on-premises ldP's DNS hostname is reachable from the AWS environment VPC5. F.The company's ldP defines SAML assertions that properly map users or groups in the company to lAM roles with appropriate permissions.正确答案BDF
