Exception:
AWSOpenIdDiscoveryService; Status Code: 400; Error Code: AuthSamlInvalidSamlResponseException; Request ID: <Request Id>; Proxy: null) (Service: AWSSecurityTokenV20111201; Status Code: 400; Error Code: InvalidIdentityToken; Request ID: <Request Id>; Proxy: null). Please try again.

Resolution:
1. Go to https://{Your Domain}.lightning.force.com/lightning/setup/IdpPage/home.

2. Click Download Metadata button.

3. Open the downloaded XML file using a text editor application.

4. Login into the AWS Console using the Root user credentials.

5. Go to IAM.

6. Select Identity Providers.

7. Select the IDP in the AWS Console for the Salesforce Voice SSO.

5. Select XML option to view the Metadata document. The downloaded Metadata from Salesforce should match the XML in AWS Console. We can also use the “Add provider” button from the Identity providers to create a new Identity Provider in AWS Console.