AWS Cognito giving 503 Error intermittently

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • Version Affected:  All


    AWS is returning a 503 at times. Although at first glance this can appear to be coming from AWS not SecureAuth, with some OIDC setups it can be caused be a slow response from the SecureAuth OIDCToken endpoint



    The Cognito backend is making a POST to the SecureAuth IdP and expects a reply within 5 seconds. 

    If you have multiple servers, this request can easily go to a different IdP to what the Users browser talked to and this IdP can be cold and slow to respond



    1. Create a new AppPool for these Cognito realms

    2. Move the Cognito realm into that AppPool 

    3. Apply these settings to the Server, Realm and appropriate Apppool Click here


    Special Considerations:

    I don't recommend applying the steps in that link if you have hundreds of realms all in the same AppPool as it can mean IIS takes longer to start as it will not server full pages until all the realms in the AppPool have been warmed up. 


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.