• https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html
• https://aws.amazon.com/blogs/networking-and-content-delivery/authenticate-aws-client-vpn-users-with-saml/
• https://aws.amazon.com/blogs/apn/how-to-integrate-aws-client-vpn-with-azure-active-directory/
• https://codeburst.io/the-aws-client-vpn-federated-authentication-missing-example-655e0a1ff7f4
• https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#mutual

1. Add SAML application to SSO Provider
2. Add SAML IdP to AWS Account
3. Add mutual authentications server certificate to ACM
4. Create AWS Client VPN endpoint and associate to VPC subnets

• Sign on settings memberOf *
• Advanced sign on settings set port of 35001

• urn:amazon:webservices:clientvpn
• Add https://127.0.0.1:35001 (edit manifest to change to http)
• Edit SAML signing to response and assertion
• Edit user attributes and claims
• Assign user / group

• Manually enter info
• urn:amazon:webservices:clientvpn
• Add http://127.0.0.1:35001
• Edit user attributes and claims
• Assign user / group

• Add SAML identity provider
• upload meta data from SSO provider

• Add certificate and paste in cert, key, and ca cert

git clone https://github.com/OpenVPN/easy-rsa.git
cd easy-rsa/easyrsa3
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa build-server-full SERVERNAME nopass
./easyrsa build-client-full CLIENT.DOMAIN.TLD nopass

• Select server cert
• Select user based authentication, federated authentication, SAML IdP