Comments (15)
ido-vcita
commented on May 26, 2024
12
Any updates? We are having issues as well with okta and AWS SSO :(
from okta-awscli.
dovy
commented on May 26, 2024
6
Same
from okta-awscli.
banyek
commented on May 26, 2024
1
crickets...
from okta-awscli.
vinod4086
commented on May 26, 2024
1
Hi All.. I faced this issue at times.. And the resolution is, I had to turn-off my cyber-security tool zscaler in-order to authenticate with okta-awscli..
Once after the authentication, I will enable zscaler.. Hope this helps for some users..
from okta-awscli.
rohanprasad
commented on May 26, 2024
I RCA'd this to an error on Okta's end. In my case I didn't have access to the app in okta. @jmhale I was thinking to raise a PR to show this error message instead on crashing, let me know.
from okta-awscli.
jmhale
commented on May 26, 2024
@rohanprasad That makes sense. You're probably getting the Extra Verification page in Okta, which is pushing down the per-app MFA logic branch in okta-awscli, but then it's freaking out when it doesn't get an assertion back.
I think we just need to clean up how that logging statement looks and handles a NoneType assertion.
A PR is more than welcome if you have one handy. Note that I just refactored a bunch of other stuff related to MFA, so you might need to pull a fresh develop branch down.
from okta-awscli.
kvsouza
commented on May 26, 2024
Same. Any solution?
from okta-awscli.
nsharma-fy
commented on May 26, 2024
Same issue with python 3.9. Works fine without MFA, but doesn't work with Okta Verify token.
from okta-awscli.
duncanwraight
commented on May 26, 2024
I'm encountering the same problem. If I add some prints to the okta-awscli module, it looks like the get_simple_assertion / get_mfa_assertion from okta_auth.py are returning a basic HTML containing a JavaScript redirect which BeautifulSoup can't handle.
<!DOCTYPE html>
<html lang="en">
<body>
<script type="text/javascript">
(function() {
var hashArgs = "#" + (window.location.href.split("#")[1] || "");
var queryParams = window.location.search ? (window.location.search + "&") : "?";
var encodedHashArgs = "hashArgs=" + encodeURIComponent( hashArgs );
var redirectUrl = window.location.pathname + queryParams + encodedHashArgs;
window.location.replace( redirectUrl );
})();
</script>
<noscript>
<div style="width: 22em; position: absolute; left: 50%; margin-left: -11em; color: red; background-color: white; border: 1px solid red; padding: 1em; font-family: sans-serif">
Your web browser must have JavaScript enabled
in order for this application to display correctly.
</div>
</noscript>
</body>
</html>
Is this something to do with an Okta change? Or perhaps I'm using okta-awscli incorrectly? I noticed on an Okta blog video for instance that they ran aws configure sso - is this something I need to do before using okta-awscli?
from okta-awscli.
angelalbericisfdc
commented on May 26, 2024
Team, do we have any workaround? it's a showstopper for one of my team members; we are unsure of what is producing it
FYI @jmhale
from okta-awscli.
raul-gherman-modaoperandi
commented on May 26, 2024
guys, any updates on this one?
facing just the same...
from okta-awscli.
MonkeyJerr
commented on May 26, 2024
help
from okta-awscli.
maxtacu
commented on May 26, 2024
help
will try on weekend to take a look
from okta-awscli.
kedare
commented on May 26, 2024
I just gave up and used this one that works perfectly
https://github.com/okta/okta-aws-cli
from okta-awscli.
be-a-bee
commented on May 26, 2024
Hi All, I am also facing this issue.
user@L100687MIN ~ % okta-awscli --okta-profile uas --profile uas
Enter password:
ERROR - Unsupported factorType: sms
Registered MFA factors:
1: Okta Verify - Push
2: Okta Verify
Please select the MFA factor: 2
Enter MFA verification code: 123456
ERROR - No Extra Verification
Traceback (most recent call last):
File "/opt/homebrew/bin/okta-awscli", line 8, in
sys.exit(main())
^^^^^^
File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1157, in call
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1078, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1434, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 783, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/okta-awscli/0.5.4_3/libexec/lib/python3.12/site-packages/oktaawscli/okta_awscli.py", line 141, in main
get_credentials(
File "/opt/homebrew/Cellar/okta-awscli/0.5.4_3/libexec/lib/python3.12/site-packages/oktaawscli/okta_awscli.py", line 36, in get_credentials
_, assertion = okta.get_assertion()
^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/okta-awscli/0.5.4_3/libexec/lib/python3.12/site-packages/oktaawscli/okta_auth.py", line 165, in get_assertion
assertion = self.get_saml_assertion(resp)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/okta-awscli/0.5.4_3/libexec/lib/python3.12/site-packages/oktaawscli/okta_auth.py", line 149, in get_saml_assertion
self.logger.error("SAML assertion not valid: " + assertion)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
TypeError: can only concatenate str (not "NoneType") to str
from okta-awscli.
Related Issues (20)
- okta-awscli --config fails
- Push notification MFA fails with: KeyError: 'next' HOT 1
- UnboundLocalError when Okta password is expired
- okta-cli does not work, seems 'role' is missing in 'Please select the AWS role' HOT 1
- Default AWS profile is set even if profile is configured HOT 3
- New AWS Okta SSO authentication approach HOT 1
- okta-awscli crashes upon authentication failure after a change in required MFA methods in Okta
- okta-awscli duplicates the config file when appending to it HOT 1
- Authenticate without waiting for MFA to refresh
- First factor_type always selected if factor set in .okta-aws config
- macos: SSL validation failed for https://sts.amazonaws.com/ [Errno 2] No such file or directory HOT 1
- AwsAuth.get_sts_token doesn't work w/o a logger
- When self.factor is set to a type not available from okta, program crashes
- MFA code accepted even though it is incorrect HOT 2
- Support logging into AWS China (possibly a regression) HOT 1
- Docker Run Issue
- Contributing back our internal changes HOT 1
- Allow addition config items to be "defaulted"
- Okta-awscli uses Click 7.x which is incompatible with latest version of many tools
- Multiple Verify devices, no push auth recieved
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from okta-awscli.