Versent / saml2aws

CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
https://github.com/Versent/saml2aws
MIT License
2.09k stars 564 forks

Option --mfa not supported for AzureAD #902

Closed arthurhobspice closed 1 month ago

arthurhobspice commented 2 years ago

I would like to use the saml2aws command line option --mfa=... with AzureAD, so that I can pass in the 6-digit token using oathtool. With ADFS that worked fine; for provider = AzureAD the mfa option is ignored. Do you have it on the roadmap for a future release, or are there technical reasons that the option cannot be supported?

ghost commented 2 years ago

I mean the option --mfa-token. Cannot edit the issue...

kitos9112 commented 2 years ago

I'm also interested in this feature. Are there any blockers that'd not allow it?

kitos9112 commented 2 years ago

I've got a local version working of this by passing the loginCredentials struct to a few functions and then adding a local if statement. I'll share this with you @arthurhobspice

christianmeyer commented 1 year ago

@arthurhobspice eventually the option to support the use of OATH TOTP SHA-1 tokens was not around when the MFA handler for the AzureAD provider was worked on. Currently it only supports server-side triggered MFA tokens, thus no need to support handing in tokens via param. I quickly checked the implementation, and might be able to add that to the most recent AzureAD provider adoption tracked in #795. Any support would be welcome :)

corleyscotte commented 1 year ago

@christianmeyer thanks for working on this. Do you know if the --mfa-token= option is now being utilized when the provider is set to AzureAD? I updated to saml2aws version 2.36.8 but am still being prompted to enter a verification code.

saitotqr commented 2 weeks ago

@mapkon @hejfelix When will this version be released? I can't wait.

hejfelix commented 2 weeks ago

I thought it was already out https://github.com/Versent/saml2aws/discussions/1356#discussion-7345536 ?

saitotqr commented 1 week ago

@hejfelix branch https://github.com/Versent/saml2aws/tree/v2.36.18 does not appear to contain the changes from pull request https://github.com/Versent/saml2aws/pull/1355 . The --mfa-token option on azuread is not recognized in the v2.36.18 binary.