
CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
https://github.com/Versent/saml2aws
MIT License

error authenticating to IdP: error verifying MFA: unsupported mfa provider #802

Open sandeepmohanty12 opened 2 years ago

sandeepmohanty12 commented 2 years ago

error authenticating to IdP: error verifying MFA: unsupported mfa provider

duckfez commented 2 years ago

What provider? What MFA setup? Share your .saml2aws config file?

bhargavamin commented 2 years ago

I'm having the same problem. Here are the contents of my .saml2aws file (note that this is the GoogleApps provider with mfa = Auto, not Okta):

name                    = default
app_id                  =
url                     = https://accounts.google.com/o/saml2/initsso?idpid=Blah&spid=Blah&forceauthn=false
username                = xyz@xyz.com
provider                = GoogleApps
mfa                     = Auto
skip_verify             = false
timeout                 = 0
aws_urn                 = urn:amazon:webservices
aws_session_duration    = 3600
aws_profile             = saml
resource_id             =
subdomain               =
role_arn                =
region                  =
http_attempts_count     =
http_retry_delay        =
credentials_file        =
saml_cache              = false
saml_cache_file         =
target_url              =
disable_remember_device = false
disable_sessions        = false
prompter                =

@duckfez

sandeepmohanty12 commented 2 years ago

@duckfez

$ cat .saml2aws
[default]
app_id                  =
url                     = https://account.okta-emea.com/home/amazon_aws/0oa2yrga8aqwKN6Qh0i7/272
username                = xyz
provider                = Okta
mfa                     = OKTA
skip_verify             = false
timeout                 = 0
aws_urn                 = urn:amazon:webservices
aws_session_duration    = 3600
aws_profile             = default
resource_id             =
subdomain               =
role_arn                =
region                  =
http_attempts_count     =
http_retry_delay        =
name                    = default
credentials_file        =
saml_cache              = false
saml_cache_file         =
target_url              =
disable_remember_device = false
disable_sessions        = false
prompter                =

sandeepmohanty12 commented 2 years ago

PS C:\Users\mohantys> saml2aws login --verbose time="2022-04-21T09:11:50+01:00" level=debug msg=Running command=login time="2022-04-21T09:11:50+01:00" level=debug msg="Check if creds exist." command=login time="2022-04-21T09:11:50+01:00" level=debug msg=Expand name="C:\Users\mohantys/.aws/credentials" pkg=awsconfig time="2022-04-21T09:11:50+01:00" level=debug msg=resolveSymlink name="C:\Users\mohantys\.aws\credentials" pkg=awsconfig time="2022-04-21T09:11:50+01:00" level=debug msg=ensureConfigExists filename="C:\Users\mohantys\.aws\credentials" pkg=awsconfig Using IdP Account default to access Okta https://ibm.ibm-emea.com/home/amazon_aws/0oa2yrga8aqwKN6Qh0i7/272 To use saved password just hit enter. ? Username (mohantys)

? Username mohantys ? Password *****

time="2022-04-21T09:12:34+01:00" level=debug msg="building provider" command=login idpAccount="account {\n DisableSessions: false\n DisableRememberDevice: false\n URL: https://ibm.ibm-emea.com/home/amazon_aws/0oa2yrga8aqwKN6Qh0i7/272\n Username: mohantys\n Provider: Okta\n MFA: OKTA\n SkipVerify: false\n AmazonWebservicesURN: urn:amazon:webservices\n SessionDuration: 3600\n Profile: default\n RoleARN: \n Region: \n}" time="2022-04-21T09:12:34+01:00" level=debug msg="ibm | disableSessions: false" provider=ibm time="2022-04-21T09:12:34+01:00" level=debug msg="ibm | rememberDevice: true" provider=ibm Authenticating as mohantys ... time="2022-04-21T09:12:34+01:00" level=debug msg="auth with session func called" provider=ibm time="2022-04-21T09:12:34+01:00" level=debug msg="validate session func called" provider=ibm time="2022-04-21T09:12:34+01:00" level=debug msg="HTTP Req" URL="https://ibm.ibm-emea.com/api/v1/sessions/me" http=client method=GET time="2022-04-21T09:12:34+01:00" level=debug msg="HTTP Res" Status="200 OK" http=client time="2022-04-21T09:12:34+01:00" level=debug msg="ibm session established" provider=ibm time="2022-04-21T09:12:34+01:00" level=debug msg="valid ibm session" provider=ibm time="2022-04-21T09:12:34+01:00" level=debug msg="HTTP Req" URL="https://ibm.ibm-emea.com/home/amazon_aws/0oa2yrga8aqwKN6Qh0i7/272" http=client method=GET time="2022-04-21T09:12:34+01:00" level=debug msg="HTTP Res" Status="200 OK" http=client time="2022-04-21T09:12:34+01:00" level=debug msg="ibm step-up prompted, need mfa..." 
provider=ibm time="2022-04-21T09:12:34+01:00" level=debug msg="HTTP Req" URL="https://ibm.ibm-emea.com/api/v1/authn" http=client method=POST time="2022-04-21T09:12:34+01:00" level=debug msg="HTTP Res" Status="200 OK" http=client time="2022-04-21T09:12:34+01:00" level=debug msg=MFA factorID=password mfaIdentifer="OKTA PASSWORD" ibmVerify="https://ibm.ibm-emea.com/api/v1/authn/factors/password/verify" provider=ibm unsupported mfa provider github.com/versent/saml2aws/v2/pkg/provider/ibm.getMfaChallengeContext github.com/versent/saml2aws/v2/pkg/provider/ibm/ibm.go:673 github.com/versent/saml2aws/v2/pkg/provider/ibm.verifyMfa github.com/versent/saml2aws/v2/pkg/provider/ibm/ibm.go:742 github.com/versent/saml2aws/v2/pkg/provider/ibm.(Client).Authenticate github.com/versent/saml2aws/v2/pkg/provider/ibm/ibm.go:479 github.com/versent/saml2aws/v2/pkg/provider/ibm.(Client).authWithSession github.com/versent/saml2aws/v2/pkg/provider/ibm/ibm.go:330 github.com/versent/saml2aws/v2/pkg/provider/ibm.(Client).Authenticate github.com/versent/saml2aws/v2/pkg/provider/ibm/ibm.go:461 github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:105 main.main ./main.go:188 runtime.main runtime/proc.go:255 runtime.goexit runtime/asm_amd64.s:1581 error verifying MFA github.com/versent/saml2aws/v2/pkg/provider/ibm.(Client).Authenticate github.com/versent/saml2aws/v2/pkg/provider/ibm/ibm.go:481 github.com/versent/saml2aws/v2/pkg/provider/ibm.(Client).authWithSession github.com/versent/saml2aws/v2/pkg/provider/ibm/ibm.go:330 github.com/versent/saml2aws/v2/pkg/provider/ibm.(Client).Authenticate github.com/versent/saml2aws/v2/pkg/provider/ibm/ibm.go:461 github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:105 main.main ./main.go:188 runtime.main runtime/proc.go:255 runtime.goexit runtime/asm_amd64.s:1581 Error authenticating to IdP. 
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:107 main.main ./main.go:188 runtime.main runtime/proc.go:255 runtime.goexit runtime/asm_amd64.s:1581