rockcarver / frodo-cli

A CLI to manage ForgeRock platform deployments supporting Identity Cloud tenants, ForgeOps deployments, and classic deployments.
MIT License
17 stars 14 forks

Unable to enter 2FA OTP in frodo conn add #385

Closed jgdtech closed 2 weeks ago

jgdtech commented 2 months ago

Frodo CLI version

Provide output of frodo -v

You are running the NPM package.
Installed versions:
cli: v2.0.0-55
lib: v2.0.0-64
node: v20.11.1

Describe the issue

$ frodo conn add https://my tenant.id.forgerock.io/am myemail@me.com "$PW"
2FA is enabled and required for this user...

I never get the 2FA prompt. I cannot continue to add connection.

vscheuber commented 2 months ago

@jgdtech what type of MFA have you configured for your admin? Frodo only supports OTP, not WebAuthN. However, there should be a prompt telling you that, so either way there is something wrong and I have to check if the admin MFA journeys have changed in ID Cloud.

I've been considering adding browser support to Frodo so we could support any login journey thrown at us but we haven't had the bandwidth to do that, yet.

jgdtech commented 2 months ago

OTP via ForgeRock Authenticator app.

vscheuber commented 2 months ago

Hm... I just tested that a couple of weeks ago. Can you test with frodo info command? It should work like this:

% frodo info volker-dev volker@scheuber.name 'F@m4Rdev3MEehrvs'
Multi-factor authentication is enabled and required for this user.
Enter verification code: 284271
Connected to https://openam-volker-dev.forgeblocks.com/am [alpha] as user volker@scheuber.name
...

I do remember fixing something, though, in a recent version, so make sure you are running close to the latest:

% frodo -v
You are running the NPM package.
Installed versions:
cli: v2.0.0-55
lib: v2.0.0-77
node: v20.5.1

vscheuber commented 2 months ago

@jgdtech something is off with your library version... as a matter of fact, I am surprised anything works with the mismatch between cli and lib versions. CLI 2.0.0-55 requires LIB 2.0.0-77. You are somehow stuck on 2.0.0-64 for library, which is too old and quite a few commands may break because of it.

jgdtech commented 2 months ago

Interesting. I tried on my phone (Android, running termux) and had success.

~/frodo-cli $ frodo -v
You are running the NPM package.
Installed versions:
cli: v2.0.0-55
lib: v2.0.0-77
node: v21.6.2

I'll check the work laptop and Windows git bash tomorrow and let you know.

Thanks, Jimmy

jgdtech commented 2 months ago

On my Windows host with git bash, I removed node_modules folder then reinstalled. npm i; npm run build:local; npm i -g; frodo -v

cli: v2.0.0-55
lib: v2.0.0-77
node: v20.11.1

But frodo conn add tells me "Multi-factor authentication is enabled and required for this user." Yet I never get the next prompt on Windows that I do see on my phone:

Multi-factor authentication is enabled and required for this user.
Enter verification code:

I never get that Enter verification code: prompt on Windows. It's been sitting there for a good 5 minutes. :(

vscheuber commented 2 months ago

@jgdtech that is troublesome! Looks like a platform specific issue. I develop on MacOS and while we run our unit tests across all platforms, we don't have test automation (yet) for the MFA prompt. I'll test in my Windows VM and see if I can reproduce what you are seeing. Out of curiosity: Would you mind running the following command (using your own tenant of course) and see if you get the confirmation prompt on Windows?:

% frodo journey prune volker-dev
Connected to https://openam-volker-dev.forgeblocks.com/am [alpha] as service account Frodo-SA-1712175401543 [eb108b7a-e039-40bc-9764-84bed891fee1]
✔ 1314 total nodes
✔ 1216 active nodes
✔ 98 orphaned nodes
Prune (permanently delete) orphaned nodes? (y|n): n
%

jgdtech commented 2 months ago

I get at end of the prune command:

0 orphaned nodes
No orphaned nodes found.

vscheuber commented 2 weeks ago

@jgdtech I tried to reproduce on Windows with the latest build but it appears to be working fine for me. I know your setup was slightly special due to git bash but I don't see a way to dupe this.

It could also be that some of our recent changes have remedied the issue.

frodo conn save https://openam-volker-dev.forgeblocks.com/am volker@scheuber.name "5up3r53cr3t!"
Multi-factor authentication is enabled and required for this user.
Enter verification code: 141420
Connected to https://openam-volker-dev.forgeblocks.com/am [alpha] as user volker@scheuber.name
Created and added service account Frodo-SA-1718847016944 with id d2a50830-d6f4-4dec-a0a2-986cc5956ab7 to profile.
Created log API key 9935d058460a608e9eace73109592293 and secret.
Saved connection profile https://openam-volker-dev.forgeblocks.com/am

Closing for now, please re-open if you are still struggling with this.