-
Notifications
You must be signed in to change notification settings - Fork 564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
catching other hid device errors and prompt for FIDO auth selections #668
base: master
Are you sure you want to change the base?
Conversation
sync from base saml2aws
print out devices info deference the device pointer and print print out MFA also add more logging and catch more errors? fix logging still fixing logging more logging not an address add more logging add more logging around mfaoptions always prompt for which MFA getting all the matching mfas back add more logging
Catch other ubsdeviceerrors
Hi @wolfeidau recently we've faced an issue with the problem this PR solves. Okta returns the full list of FIDO MFAs and without the ability to choose the factor (let's say Yubikey) Using the code from this PR resolves this by adding an ability to specifically choose which FIDO device to use for each authorization. Is there anything we can do/help with to move forward with this approach? |
fix mfa options
@@ -85,6 +85,12 @@ type mfaChallengeContext struct { | |||
challengeResponseBody string | |||
} | |||
|
|||
// mfaOption store the mfa position in response and mfa description | |||
type mfaOption struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hinling-sonder WDYT about extracting the profile.authenticatorName
from the json and add it to this struct to have a human-readable MFA option in the prompt? I found it really helpful to have this instead of the full profile
field.
Try to fix the following problems: