Okta Verify with Push issue #643

Open
poiromaniax opened this issue Mar 29, 2021 · 3 comments · May be fixed by #793

Comments

@poiromaniax

Hi there,
I am just starting out using saml2aws but am running into an issue using Okta Verify with push.

Because this is the first time login using an "unrecognized device", Okta Verify prompts me to match a number shown on the screen to 1 of 3 numbers displayed in the app.

Obviously no number is shown in saml2aws, so I can't log in.

Has anyone experienced this and knows a way around it?

@vsqz-dev

vsqz-dev commented Feb 8, 2022

We're also experiencing the same issue with Okta Verify. The same applies to Google Authenticator. In both cases this triggers when you use saml2aws for the first time from a new device. Okta then considers this to be a "suspicious" session and triggers the enhanced MFA routine, resulting in the three digits being displayed on the screen. It works okay if you are working with a standard web browser session, as you can read the actual required number and press it on the Okta Verify or Google Auth app. It would be good to update the saml2aws code to read from the Okta TLS session feedback, scrape the number returned and present it in the console.

duckfez pushed a commit to duckfez/saml2aws that referenced this issue Mar 23, 2022
duckfez linked a pull request Mar 23, 2022 that will close this issue
duckfez pushed a commit to duckfez/saml2aws that referenced this issue May 28, 2022
@solovyevt

solovyevt commented Nov 1, 2022

There is a pending merge request, #793; it would be great to have this feature soon.

@mlcl-peter-holberton

Hopefully the patch will be applied soon, but as a workaround, you can set the environment variable DUMP_CONTENT to true as outlined in https://github.com/Versent/saml2aws#debugging-issues-with-idps. As the documentation warns, this will output authentication-related information, so don't copy and paste it into chat or tickets.

After authenticating, the response will contain a string like

_embedded":{"challenge":{"correctAnswer":99}}

Use that value to respond on your app.

As far as I can tell, you'll only need to do it once.
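
The lookup described in the workaround above, done in code, as an added example that is not from saml2aws or from pull request #793: it returns only the `correctAnswer` value, so the rest of the response body never has to be printed. The sample body is constructed, and the `stateToken` and `factor` field names and the nesting around `challenge` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// findAnswer walks decoded JSON for a "challenge" object holding a numeric "correctAnswer".
func findAnswer(v interface{}) (int, bool) {
	var children []interface{}
	switch t := v.(type) {
	case map[string]interface{}:
		if ch, ok := t["challenge"].(map[string]interface{}); ok {
			if n, ok := ch["correctAnswer"].(float64); ok {
				return int(n), true
			}
		}
		for _, c := range t {
			children = append(children, c)
		}
	case []interface{}:
		children = t
	}
	for _, c := range children {
		if n, ok := findAnswer(c); ok {
			return n, true
		}
	}
	return 0, false
}

// ChallengeNumber returns only the number; tokens in the body are never echoed.
func ChallengeNumber(body []byte) (int, error) {
	var doc interface{}
	if err := json.Unmarshal(body, &doc); err != nil {
		return 0, fmt.Errorf("response is not JSON: %w", err)
	}
	if n, ok := findAnswer(doc); ok {
		return n, nil
	}
	return 0, fmt.Errorf("no number challenge in response")
}

// Constructed sample body; names other than those shown on the page are assumed.
const sampleBody = `{"stateToken":"PLACEHOLDER","_embedded":{"factor":{"_embedded":{"challenge":{"correctAnswer":99}}}}}`

func main() {
	n, err := ChallengeNumber([]byte(sampleBody))
	fmt.Println("number to select:", n, "error:", err)
}
```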
