-
Notifications
You must be signed in to change notification settings - Fork 564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Okta Verify with Push issue #643
Comments
We're also experiencing the same issue with Okta Verify. The same applies to Google Authenicator. In both cases this triggers of when you use the saml2aws for the first time from a new device. Okta then considers this to be a "suspicious" session and triggers the enhanced MFA routine resulting in the three digits being displayed on the screen. It works okay if you are working with a standar web browser session as you can read the acutal required number and press it on the Okta Verify or Google Auth app. It would be good to update the saml2aws code to read from the Okta TLS session feedback and scrap the number returned and present it in the console. |
There is a pending merge request #793, would be great to have this feature soon. |
Hopefully the patch will be applied soon, but as a workaround, you can set the environment variable DUMP_CONTENT to true as outlined in https://github.com/Versent/saml2aws#debugging-issues-with-idps. As the documentation warns, this will output authentication related information so don't copy and paste it into chat or tickets. After authenticating, the response will contain a string like
Use that value to respond on your app. As far as I can tell, you'll only need to do it once. |
Hi there,
I am just starting out using saml2aws but am running into an issue using Okta Verify with push.
Because this is the first time login using an "unrecognized device", Okta Verify prompts me to match a number shown on the screen to 1 of 3 numbers displayed in the app.
Obviously no number is shown in saml2aws so I cant login
Has anyone experienced this and knows a way around it?
The text was updated successfully, but these errors were encountered: