saml2aws
Okta login with Duo fails
Using either Duo Push or Passcode options on Mac OS (brew-installed), login is failing. Maybe these verbose logs will help?
$ saml2aws login -a example --verbose
DEBU[0000] Running command=login
# snip...
? Select a DUO MFA Option Duo Push
DEBU[0011] HTTP Req URL="https://api-redacted.duosecurity.com/frame/prompt" http=client method=POST
DEBU[0011] HTTP Res Status="200 OK" http=client
error authenticating mfa device
github.com/versent/saml2aws/v2/pkg/provider/okta.verifyMfa
/Users/markw/Code/notgopath/saml2aws/pkg/provider/okta/okta.go:552
github.com/versent/saml2aws/v2/pkg/provider/okta.(*Client).Authenticate
/Users/markw/Code/notgopath/saml2aws/pkg/provider/okta/okta.go:144
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
/Users/markw/Code/notgopath/saml2aws/cmd/saml2aws/commands/login.go:70
main.main
/Users/markw/Code/notgopath/saml2aws/cmd/saml2aws/main.go:163
runtime.main
/usr/local/Cellar/go/1.15/libexec/src/runtime/proc.go:204
runtime.goexit
/usr/local/Cellar/go/1.15/libexec/src/runtime/asm_amd64.s:1374
error verifying MFA
github.com/versent/saml2aws/v2/pkg/provider/okta.(*Client).Authenticate
/Users/markw/Code/notgopath/saml2aws/pkg/provider/okta/okta.go:146
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
/Users/markw/Code/notgopath/saml2aws/cmd/saml2aws/commands/login.go:70
main.main
/Users/markw/Code/notgopath/saml2aws/cmd/saml2aws/main.go:163
runtime.main
/usr/local/Cellar/go/1.15/libexec/src/runtime/proc.go:204
runtime.goexit
/usr/local/Cellar/go/1.15/libexec/src/runtime/asm_amd64.s:1374
error authenticating to IdP
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
/Users/markw/Code/notgopath/saml2aws/cmd/saml2aws/commands/login.go:72
main.main
/Users/markw/Code/notgopath/saml2aws/cmd/saml2aws/main.go:163
runtime.main
/usr/local/Cellar/go/1.15/libexec/src/runtime/proc.go:204
runtime.goexit
/usr/local/Cellar/go/1.15/libexec/src/runtime/asm_amd64.s:1374
Using
$ saml2aws --version
2.27.0
Seems related to
- #495
- #497
- #527
Same here! Logs are exactly the same, both push and passcode fail with Duo
Still seems to be an active issue.
Still an issue in macOS. saml2aws version 2.34.0. MFA is set to PUSH.
UPDATE
I fixed it by setting the right URL. In our case the AWS app in Okta UI.