Failure to Authenticate with AzureAD when Device Verification is Enabled #1298

icirellik opened this issue Jun 20, 2024 · 1 comment

icirellik commented Jun 20, 2024

Periodically our organization administrator requires us to verify our devices, which blocks the SAML authentication process and requires manual verification. This is the screen you would see after a successful authentication in the browser when verification is required.

[Screenshot: more-information]

A more insightful error would be helpful, as automatic verification would defeat the security protections. As you can see from the output below, the current error is confusing, as it indicates the OTP was entered twice instead of directing the user to log in in the browser, which is the correct action in this instance.

```
saml2aws login --force
Using IdP Account default to access AzureAD https://account.activedirectory.windowsazure.com
To use saved password just hit enter.
? Username [email protected]
? Password

Authenticating as [email protected]  ...
? Enter verification code 123456
? Enter verification code 123456
Error authenticating to IdP.: error processing MFA, errcode: 500121, message: PhoneAppOtpAuthFailedDuplicateCodeEntered
```

The verbose output indicates a successful authentication followed by a duplicate code:

```
// First OTP
{"Success":true,"ResultValue":"Success"}
// Second OTP
{"Success":false,"ResultValue":"PhoneAppOtpAuthFailedDuplicateCodeEntered"}
```

@radityasurya

I also had this issue; entering two different OTP codes seems to work.
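
One way to produce the clearer error requested in this issue, as an added Go example that is not saml2aws code and not code from either commenter. `mfaResult`, `explainMFA` and `ErrStepPending` are hypothetical names; the example assumes the caller collects the JSON body of each MFA attempt in order, and it treats a success followed by a duplicate-code rejection as a pending follow-up step, as the reports above describe.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// mfaResult holds the two fields visible in the issue's verbose output.
type mfaResult struct {
	Success     bool
	ResultValue string
}

const duplicateCode = "PhoneAppOtpAuthFailedDuplicateCodeEntered"

// ErrStepPending (hypothetical name) replaces the bare duplicate-code error.
var ErrStepPending = errors.New("OTP accepted, but the IdP asked for a further step and the " +
	"same code was sent again: finish sign-in in the browser, or wait for a new code")

// explainMFA (hypothetical helper) takes the JSON bodies of successive MFA
// attempts in order and returns nil only when the last attempt succeeded.
func explainMFA(bodies []string) error {
	var last mfaResult
	priorSuccess := false
	for i, b := range bodies {
		var r mfaResult // fresh struct so fields never carry over between attempts
		if err := json.Unmarshal([]byte(b), &r); err != nil {
			return fmt.Errorf("MFA response %d is not valid JSON: %w", i+1, err)
		}
		priorSuccess = priorSuccess || last.Success
		last = r
	}
	switch {
	case len(bodies) == 0:
		return errors.New("no MFA response received")
	case last.Success:
		return nil
	case last.ResultValue == duplicateCode && priorSuccess:
		return ErrStepPending
	default:
		return fmt.Errorf("error processing MFA: %s", last.ResultValue)
	}
}

func main() {
	ok := `{"Success":true,"ResultValue":"Success"}` // responses from the issue's verbose output
	dup := `{"Success":false,"ResultValue":"PhoneAppOtpAuthFailedDuplicateCodeEntered"}`
	fmt.Println(explainMFA([]string{ok, dup}))
}
```

A duplicate-code rejection with no earlier success still falls through to the generic error, so a genuinely reused code is not reported as a pending step.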
