System: macOS 14.2.1 (Sonoma)
saml2aws version: 2.36.13

Issue:

I have Okta, and my only MFA option for Okta is my Yubikey. I attempted to log into `saml2aws`, and received:

```
The provided key handle is not present on the device, or was created with a different application parameter.
```

I ran: `saml2aws --verbose login`
```
% saml2aws --verbose login
DEBU[0000] Running command=login
DEBU[0000] Check if creds exist. command=login
DEBU[0000] Expand name=/Users/chris.schelin/.aws/credentials pkg=awsconfig
DEBU[0000] resolveSymlink name=/Users/chris.schelin/.aws/credentials pkg=awsconfig
DEBU[0000] ensureConfigExists filename=/Users/chris.schelin/.aws/credentials pkg=awsconfig
Using IdP Account default to access Okta https://mbo.okta.com/home/amazon_aws/[guid]/272
DEBU[0000] Get credentials helper=osxkeychain serverURL="https://mbo.okta.com/home/amazon_aws/[guid]/272"
DEBU[0000] Get credentials helper=osxkeychain user=chris.schelin
DEBU[0000] Get credentials helper=osxkeychain serverURL="https://mbo.okta.com/home/amazon_aws/[guid]/272/sessionCookie"
DEBU[0000] Get credentials helper=osxkeychain user=chris.schelin
To use saved password just hit enter.
? Username chris.schelin
? Password
DEBU[0001] building provider command=login idpAccount="account {\n DisableSessions: false\n DisableRememberDevice: false\n URL: https://mbo.okta.com/home/amazon_aws/[guid]/272\n Username: chris.schelin\n Provider: Okta\n MFA: YUBICO TOKEN:HARDWARE\n SkipVerify: false\n AmazonWebservicesURN: urn:amazon:webservices\n SessionDuration: 3600\n Profile: default\n RoleARN: \n Region: \n}"
DEBU[0001] okta | disableSessions: false provider=okta
DEBU[0001] okta | rememberDevice: true provider=okta
Authenticating as chris.schelin ...
DEBU[0001] auth with session func called provider=okta
DEBU[0001] validate session func called provider=okta
DEBU[0001] HTTP Req URL="https://mbo.okta.com/api/v1/sessions/me" http=client method=GET
DEBU[0001] HTTP Req URL="https://mbo.okta.com/api/v1/authn" http=client method=POST
DEBU[0002] HTTP Res Status="200 OK" http=client
DEBU[0002] MFA factorID=[factorID] mfaIdentifer="FIDO WEBAUTHN" oktaVerify="https://mbo.okta.com/api/v1/authn/factors/[factorID]/verify?rememberDevice=true" provider=okta
DEBU[0002] HTTP Req URL="https://mbo.okta.com/api/v1/authn/factors/[factorID]/verify?rememberDevice=true" http=client method=POST
DEBU[0002] HTTP Res Status="200 OK" http=client
The provided key handle is not present on the device, or was created with a different application parameter.
tried all MFA options
github.com/versent/saml2aws/v2/pkg/provider/okta.fidoWebAuthn
    github.com/versent/saml2aws/v2/pkg/provider/okta/okta.go:1367
github.com/versent/saml2aws/v2/pkg/provider/okta.verifyMfa
    github.com/versent/saml2aws/v2/pkg/provider/okta/okta.go:1308
github.com/versent/saml2aws/v2/pkg/provider/okta.(*Client).Authenticate
    github.com/versent/saml2aws/v2/pkg/provider/okta/okta.go:481
github.com/versent/saml2aws/v2/pkg/provider/okta.(*Client).authWithSession
    github.com/versent/saml2aws/v2/pkg/provider/okta/okta.go:300
github.com/versent/saml2aws/v2/pkg/provider/okta.(*Client).Authenticate
    github.com/versent/saml2aws/v2/pkg/provider/okta/okta.go:463
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
    github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:107
main.main
    github.com/versent/saml2aws/v2/cmd/saml2aws/main.go:195
runtime.main
    runtime/proc.go:267
runtime.goexit
    runtime/asm_arm64.s:1197
error verifying MFA
github.com/versent/saml2aws/v2/pkg/provider/okta.(*Client).Authenticate
    github.com/versent/saml2aws/v2/pkg/provider/okta/okta.go:483
github.com/versent/saml2aws/v2/pkg/provider/okta.(*Client).authWithSession
    github.com/versent/saml2aws/v2/pkg/provider/okta/okta.go:300
github.com/versent/saml2aws/v2/pkg/provider/okta.(*Client).Authenticate
    github.com/versent/saml2aws/v2/pkg/provider/okta/okta.go:463
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
    github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:107
main.main
    github.com/versent/saml2aws/v2/cmd/saml2aws/main.go:195
runtime.main
    runtime/proc.go:267
runtime.goexit
    runtime/asm_arm64.s:1197
Error authenticating to IdP.
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
    github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:109
main.main
    github.com/versent/saml2aws/v2/cmd/saml2aws/main.go:195
runtime.main
    runtime/proc.go:267
runtime.goexit
    runtime/asm_arm64.s:1197
```
My `.saml2aws` file contents:

```
[default]
name = default
app_id =
url = https://mbo.okta.com/home/amazon_aws/[guid]/272
username = chris.schelin
provider = Okta
mfa = YUBICO TOKEN:HARDWARE
mfa_ip_address =
skip_verify = false
timeout = 0
aws_urn = urn:amazon:webservices
aws_session_duration = 3600
aws_profile = default
resource_id =
subdomain =
role_arn =
region =
http_attempts_count =
http_retry_delay =
credentials_file =
saml_cache = false
saml_cache_file =
target_url =
disable_remember_device = false
disable_sessions = false
download_browser_driver = false
headless = false
prompter =
```
So, uh, what gives?