hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

OIDC UI logins fail to trigger MFA #16385

Open tam116 opened 2 years ago

tam116 commented 2 years ago

Auth fails for UI logins using OIDC when MFA is enforced. The message "A login request was issued that is subject to MFA validation. Please make sure to validate the login by sending another request to mfa/validate endpoint." is displayed.

This issue does not affect the CLI.

Steps to reproduce the behavior:

  1. Set up OIDC as an auth option
  2. Set up a Login MFA provider and enable enforcement of the OIDC method or OIDC mount from the previous step
  3. Attempt to log in via the UI using the OIDC provider
  4. Login fails

Expected behavior:

Something similar to the CLI experience, where I get an automatic push notification.

Edit: If I use userpass with the same MFA config then it works. I tried to debug a bit more and it appears that the call to mfavalidate either isn't happening or the OIDC flow is calling lookup_token before mfavalidate.

Environment:
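
The ordering the report points at (validate MFA before any token lookup), as an added example that is not part of the original issue and is not Vault UI or CLI code. The helper names are hypothetical; the response fields (`auth.mfa_requirement`, `mfa_request_id`, `mfa_constraints`, `any`, `uses_passcode`) and the API paths are assumed from Vault's Login MFA API documentation, and the sample response is constructed.

```python
# Added example: hypothetical helper, not Vault UI or CLI code.
# Field names and API paths are assumed from Vault's Login MFA API docs.

def pick_method(methods, passcodes):
    """Choose one method from a constraint's "any" list that we can satisfy."""
    for m in methods:
        if not m.get("uses_passcode"):   # push-style method: empty factor list
            return m["id"], []
        if m["id"] in passcodes:
            return m["id"], [passcodes[m["id"]]]
    return None


def next_request(login_response, passcodes=None):
    """Return (api_path, body) for the request that must follow a login."""
    auth = login_response.get("auth") or {}
    requirement = auth.get("mfa_requirement")
    if not requirement:
        if not auth.get("client_token"):
            raise ValueError("response has neither a token nor an MFA requirement")
        return "auth/token/lookup-self", None   # a usable token was issued
    payload = {}
    for name, constraint in requirement.get("mfa_constraints", {}).items():
        choice = pick_method(constraint.get("any", []), passcodes or {})
        if choice is None:
            raise ValueError(f"cannot satisfy MFA constraint {name!r}")
        method_id, factors = choice
        payload[method_id] = factors
    # MFA pending: no token exists yet, so a token lookup here would fail.
    return "sys/mfa/validate", {
        "mfa_request_id": requirement["mfa_request_id"],
        "mfa_payload": payload,
    }


# Constructed sample: login response for a mount with MFA enforcement.
SAMPLE_MFA_LOGIN = {
    "auth": {
        "client_token": "",
        "mfa_requirement": {
            "mfa_request_id": "00000000-0000-0000-0000-000000000001",
            "mfa_constraints": {
                "oidc-enforcement": {"any": [
                    {"type": "duo", "id": "method-duo-1", "uses_passcode": False},
                ]},
            },
        },
    },
}
```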

lahiruperamune commented 2 years ago

When I attempt to configure MFA for OIDC logins using terraform, I keep getting the same message. Any solution?

chris-burn-phocas commented 2 years ago

I'm getting this problem too with Vault server version 1.12.0.

tibuntu commented 1 year ago

Any chance this is going to be fixed soon?

elopsod commented 7 months ago

I'm getting this problem too with Vault server version 1.15.5.

erikpartila commented 5 months ago

Same issue here (Vault 1.15.4).