
Option --mfa not supported for AzureAD

Status: Open. arthurhobspice opened this issue 3 years ago · 5 comments

I would like to use the saml2aws command line option --mfa=... with AzureAD, so that I can pass in the 6-digit token using oathtool. With ADFS that worked fine, for provider = AzureAD the mfa option is ignored. Do you have it on the roadmap for a future release, or are there technical reasons that the option cannot be supported?

arthurhobspice, Oct 27 '22 07:10

I mean the option --mfa-token. Cannot edit the issue...

ghost, Oct 27 '22 08:10

I'm also interested in this feature. Are there any blockers that'd not allow it?

kitos9112, Nov 22 '22 09:11

I've got a local version of this working by passing the loginCredentials struct to a few functions and then adding a local if statement. I'll share this with you @arthurhobspice

kitos9112, Nov 26 '22 22:11

@arthurhobspice eventually, the option to support the use of OATH TOTP SHA-1 tokens was not around when the MFA handler for the AzureAD provider was worked on. Currently it only supports server-side triggered MFA tokens, so there was no need to support handing in tokens via a parameter. I quickly checked the implementation, and might be able to add that to the most recent AzureAD provider adoption tracked in #795. Any support would be welcome :)

christianmeyer, Mar 17 '23 10:03
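The "OATH TOTP SHA-1 token" christianmeyer refers to is the RFC 6238 code that oathtool prints and that the original post wants to hand to --mfa-token. The following is an added example, not code from this thread or from saml2aws: a stand-alone Go implementation of HOTP (RFC 4226) and TOTP (RFC 6238) with HMAC-SHA-1, a 30-second step and 6- or 8-digit output, which reproduces the RFC test vectors for the secret "12345678901234567890". The base32 handling and the TOTP_SECRET environment variable are my assumptions for the demo, not anything the issue describes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"os"
	"strings"
	"time"
)

// hotp implements RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter,
// dynamic truncation on the low nibble of the last byte, then modulo 10^digits.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)

	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)

	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff

	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	// Zero-pad so a code such as 081804 keeps its leading zero.
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totp implements RFC 6238 with T0 = 0: the counter is the number of whole
// time steps elapsed since the Unix epoch. oathtool --totp uses the same
// parameters by default (SHA-1, 30 s, 6 digits).
func totp(secret []byte, unixTime int64, digits int, step int64) string {
	return hotp(secret, uint64(unixTime/step), digits)
}

// decodeBase32Secret accepts the forms enrolment pages commonly show:
// lower case, grouped with spaces, with or without '=' padding.
func decodeBase32Secret(s string) ([]byte, error) {
	s = strings.ToUpper(strings.ReplaceAll(s, " ", ""))
	s = strings.TrimRight(s, "=")
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
}

func main() {
	// Assumption for this example: the base32 seed is supplied in TOTP_SECRET.
	// When it is unset, fall back to the RFC 6238 test secret so the program runs.
	seed := os.Getenv("TOTP_SECRET")
	if seed == "" {
		seed = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ" // base32 of "12345678901234567890"
	}
	key, err := decodeBase32Secret(seed)
	if err != nil {
		fmt.Fprintln(os.Stderr, "bad base32 secret:", err)
		os.Exit(1)
	}
	fmt.Println(totp(key, time.Now().Unix(), 6, 30))
}
```

With TOTP_SECRET set to a real enrolment seed, the printed six digits are what one would pass as --mfa-token once the AzureAD provider honours it. Because the same functions reproduce the RFC vectors, a mismatch against oathtool's output points at the base32 decoding or at clock skew, not at the HMAC.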

@christianmeyer thanks for working on this. Do you know if the --mfa-token= option is now being utilized when the provider is set to AzureAD? I updated to saml2aws version 2.36.8 but am still being prompted to enter a verification code.

corleyscotte, May 17 '23 04:05