Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option --mfa not supported for AzureAD #902

Closed
arthurhobspice opened this issue Oct 27, 2022 · 11 comments · Fixed by #1355
Closed

Option --mfa not supported for AzureAD #902

arthurhobspice opened this issue Oct 27, 2022 · 11 comments · Fixed by #1355

Comments

@arthurhobspice
Copy link

I would like to use the saml2aws command line option --mfa=... with AzureAD, so that I can pass in the 6-digit token using oathtool. With ADFS that worked fine, for provider = AzureAD the mfa option is ignored. Do you have it on the roadmap for a future release, or are there technical reasons that the option cannot be supported?
@ghost
Copy link

ghost commented Oct 27, 2022

I mean the option --mfa-token. Cannot edit the issue...

@kitos9112
Copy link

I'm also interested in this feature. Are there any blockers that'd not allow it?

@kitos9112
Copy link

I've got a local version working of this by passing the loginCredentials struct to a few functions and then adding a local if statement. I'll share this with you @arthurhobspice

@christianmeyer
Copy link
Contributor

@arthurhobspice eventually the option support the use of OATH TOTP SHA-1 tokens was not around when the MFA handler for the AzureAD provider was worked on. Currently it only supports server side triggered MFA tokens, thus no need to support handing in tokens via param. I quickly checked the implementation, and might be able to add that to the most recent AzureAD provider adoption tracked in #795
Any support would be welcome :)

@corleyscotte
Copy link

@christianmeyer thanks for working on this. Do you know if the --mfa-token= option is now being utilized when the provider is set to AzureAD? I updated to saml2aws version 2.36.8 but am still being prompted to enter a verification code.

@csotiriou csotiriou mentioned this issue Oct 31, 2023
Closed
hejfelix added a commit to hejfelix/saml2aws that referenced this issue Oct 16, 2024
@hejfelix
pass mfa-token in AzureAD provider (fix Versent#902)
cd7b0c3
@hejfelix hejfelix mentioned this issue Oct 16, 2024
Merged
@saitotqr
Copy link

@mapkon @hejfelix When will this version be released? I can't wait.

@hejfelix
Copy link
Contributor

hejfelix commented Nov 15, 2024
edited
Loading

I thought it was already out #1356 (comment)
?

@saitotqr
Copy link

@hejfelix
branch https://github.com/Versent/saml2aws/tree/v2.36.18 does not appear to contain changes to pull request #1355 .
--mfa-token option on azuread is not recognized in the v2.36.18 binary.

@saitotqr
Copy link

saitotqr commented Dec 4, 2024

How do you think? @hejfelix

@hejfelix
Copy link
Contributor

hejfelix commented Dec 4, 2024

Yeah I don't know what happened. I'm not a maintainer so I can't do much. Personally I just built my own binary. It was quite easy

@hejfelix
Copy link
Contributor

hejfelix commented Dec 6, 2024

I can see what went wrong. The release @tinaboyce announced was not based on the tip of the master branch, it was a commit from August (https://github.com/Versent/saml2aws/tree/v2.36.18). Not sure how that happened or if there was something later that they didn't want released yet.

It's not clear who is maintaining this project atm, but it seems they are going through some transition. Would be nice with a way to contact a maintainer

@saitotqr saitotqr mentioned this issue Dec 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pass mfa-token in AzureAD provider hejfelix/saml2aws
6 participants
@christianmeyer @hejfelix @corleyscotte @kitos9112 @arthurhobspice @saitotqr