AzureAD: unable to locate IDP oidc form submit URL #645

Open
teddevaal opened this issue Mar 31, 2021 · 3 comments

@teddevaal

Configured according to documentation: Azure AD

Version: 2.28.4

Config

```
[default]
app_id               = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
url                  = https://account.activedirectory.windowsazure.com
username             = xxxxxx@xxxxxxxxx.com
provider             = AzureAD
mfa                  = Auto
skip_verify          = false
timeout              = 0
aws_urn              = urn:amazon:webservices
aws_session_duration = 3600
aws_profile          = saml
resource_id          =
subdomain            =
role_arn             =
region               =
http_attempts_count  =
http_retry_delay     =
Name                 = default
credentials_file     =
saml_cache           = false
```

Output

```
saml2aws login --verbose

time="2021-03-31T17:23:40+11:00" level=debug msg=Running command=login
time="2021-03-31T17:23:40+11:00" level=debug msg="check if Creds Exist" command=login
time="2021-03-31T17:23:40+11:00" level=debug msg=Expand name=/home/teddevaal/.aws/credentials pkg=awsconfig
time="2021-03-31T17:23:40+11:00" level=debug msg=resolveSymlink name=/home/teddevaal/.aws/credentials pkg=awsconfig
time="2021-03-31T17:23:40+11:00" level=debug msg=ensureConfigExists filename=/home/teddevaal/.aws/credentials pkg=awsconfig
Using IDP Account default to access AzureAD https://account.activedirectory.windowsazure.com
To use saved password just hit enter.
Username (xxxxxx@xxxxxxxxxxxxxx.com) 
Password **********
time="2021-03-31T17:23:47+11:00" level=debug msg="building provider" command=login idpAccount="account {\n  AppID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n  URL: https://account.activedirectory.windowsazure.com\n  Username: xxxxxx@xxxxxxxxxxxxxx.com\n  Provider: AzureAD\n  MFA: Auto\n  SkipVerify: false\n  AmazonWebservicesURN: urn:amazon:webservices\n  SessionDuration: 3600\n  Profile: saml\n  RoleARN: \n  Region: \n}"
Authenticating as xxxxxx@xxxxxxxxxxxxxx.com ...
time="2021-03-31T17:23:48+11:00" level=debug msg="HTTP Req" URL="https://login.microsoftonline.com/common/login" http=client method=POST
time="2021-03-31T17:23:49+11:00" level=debug msg="HTTP Res" Status="200 OK" http=client
unable to locate IDP oidc form submit URL
error authenticating to IdP
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
	github.com/versent/saml2aws/v2/cmd/saml2aws/commands/login.go:103
main.main
	command-line-arguments/main.go:180
runtime.main
	runtime/proc.go:225
runtime.goexit
	runtime/asm_amd64.s:1371
```

Observation

When using saml2aws, a POST is made to https://login.microsoftonline.com/common/login.
However, when using Microsoft My Apps, https://account.activedirectory.windowsazure.com/applications/redirecttoapplication.aspx?Operation=LinkedSignIn&applicationId={app_id}&tenantId={tenant_id} is redirected to https://login.microsoftonline.com/{tenant_id}/saml2?SAMLRequest={saml_request}.

@biship

biship commented May 6, 2021

Azure AD does not work in 2.30.0

@kenchan0130
Contributor

Duplicate of #628

@digihunch

I came across this error today with version 2.35.0. I use Azure AD as the identity store.
It turns out that this is because my password is up for an update and Azure AD is trying to prompt me for a password change.
The error message is very confusing. As soon as I changed my password, it worked again.
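
The failure mode in this thread (a `200 OK` response that does not contain the form the client expects) is easier to diagnose when the error names the page that actually came back. The following is an added example, not saml2aws code and not part of any comment above; `findFormAction` is a hypothetical helper, and both HTML bodies are constructed for illustration and are not real Azure AD markup.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// Constructed sample bodies (assumption: not real Azure AD markup).
const okPage = `<html><head><title>Working...</title></head><body><form method="POST" action="https://idp.example/continue"><input type="hidden" name="code" value="x"/></form></body></html>`
const promptPage = `<html><head><title>Update your password</title></head><body><p>Your password has expired.</p></body></html>`

// findFormAction (hypothetical) returns the first form action, or an error quoting the page <title>.
func findFormAction(body string) (string, error) {
	dec := xml.NewDecoder(strings.NewReader(body))
	dec.Strict = false // lenient settings so encoding/xml can tokenize simple HTML
	dec.AutoClose = xml.HTMLAutoClose
	dec.Entity = xml.HTMLEntity
	title, inTitle := "", false
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			// Whole page read without finding a form: say what page this was.
			return "", fmt.Errorf("no form with an action in IdP response (page title: %q)", title)
		}
		if err != nil {
			return "", fmt.Errorf("IdP response is not parseable HTML: %w", err)
		}
		switch t := tok.(type) {
		case xml.StartElement:
			name := strings.ToLower(t.Name.Local)
			inTitle = name == "title"
			for _, a := range t.Attr {
				if name == "form" && strings.EqualFold(a.Name.Local, "action") && a.Value != "" {
					return a.Value, nil
				}
			}
		case xml.EndElement:
			inTitle = false
		case xml.CharData:
			if inTitle {
				title += strings.TrimSpace(string(t))
			}
		}
	}
}
func main() {
	fmt.Println(findFormAction(okPage))
	fmt.Println(findFormAction(promptPage))
}
```

With the constructed prompt page, the error text carries the title "Update your password", which points at an account-state interstitial rather than a broken parser.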
