Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
Apache License 2.0

Does not work with Okta + Kolide #453

Closed iceycake closed 5 months ago

iceycake commented 5 months ago

Expected Behavior

Okta is using a selected method and Kolide as MFA. After a regular login with gimme-aws-creds, I should receive a 2FA request and then Kolide validation. Then I should receive my AWS credentials.

Current Behavior

After gimme-aws-creds asked for my Okta password, it received an error message from Okta before the 1st 2FA request.

LOGIN ERROR: This operation is not allowed in the current authentication state. | Error Code: E0000079

Possible Solution

🤷🏻

Steps to Reproduce (for bugs)

Use gimme-aws-creds to log in to an AWS account that uses Okta with Kolide.

Context

I'm unable to log in to AWS via gimme-aws-creds.

Your Environment

epierce commented 5 months ago

Kolide is an "IdP-as-a-factor" in Okta, which doesn't work with the Factors API that gimme-aws-creds uses in Classic mode. You'll have to use the browser-based Device Authorization Flow to authenticate so that your browser can be redirected to the Kolide service.
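
Added example, not part of the thread and not gimme-aws-creds code: the client side of an OAuth 2.0 device authorization grant as specified in RFC 8628, assuming the browser-based flow mentioned in the reply above follows that RFC. The CLI only polls the token endpoint while the browser handles every redirect, including the one to an external IdP factor; `post`, the client id and all response values are constructed placeholders.

```python
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628, section 3.4


class DeviceFlowError(Exception):
    """Terminal failure of the flow (denied, expired, or unexpected error)."""


def poll_for_token(post, client_id, grant, sleep=time.sleep, now=time.monotonic):
    """Poll the token endpoint until the browser login (all factors) completes.

    post(form) -> (http_status, json_dict) is a caller-supplied transport
    (hypothetical helper). grant is the device authorization endpoint's JSON.
    """
    interval = grant.get("interval", 5)       # RFC 8628 default: 5 seconds
    deadline = now() + grant["expires_in"]
    form = {"grant_type": GRANT_TYPE, "client_id": client_id,
            "device_code": grant["device_code"]}
    while now() < deadline:
        sleep(interval)
        status, body = post(form)
        if status == 200:
            return body                       # tokens issued, login finished
        err = body.get("error")
        if err == "authorization_pending":
            continue                          # user is still in the browser
        if err == "slow_down":
            interval += 5                     # required back-off, then retry
            continue
        raise DeviceFlowError(err or f"HTTP {status}")  # access_denied, expired_token
    raise DeviceFlowError("device code expired before login completed")


def demo():
    # Constructed token-endpoint replies: pending, throttled, then success.
    replies = iter([(400, {"error": "authorization_pending"}),
                    (400, {"error": "slow_down"}),
                    (200, {"access_token": "constructed-token"})])
    waits, clock = [], [0]
    def fake_sleep(s): waits.append(s); clock[0] += s
    grant = {"device_code": "constructed-device-code", "user_code": "ABCD-EFGH",
             "verification_uri": "https://idp.example/activate",
             "expires_in": 600, "interval": 5}
    tokens = poll_for_token(lambda form: next(replies), "constructed-client-id",
                            grant, sleep=fake_sleep, now=lambda: clock[0])
    return tokens, waits
```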