Does not give selections for MFA

[cyberious]

With the latest release and a fresh install the tool does not provide a list of MFA options but leaves an empty selection despite multiple setup.

Multi-factor Authentication required.
Pick a factor:
Selection: 0
Traceback (most recent call last):
  File "/usr/local/bin/gimme-aws-creds", line 17, in <module>
    GimmeAWSCreds().run()
  File "/usr/local/lib/python3.6/site-packages/gimme_aws_creds/main.py", line 441, in run
    saml_data = okta.get_saml_response(aws_app['links']['appLink'])
  File "/usr/local/lib/python3.6/site-packages/gimme_aws_creds/okta.py", line 426, in get_saml_response
    api_response = self.stepup_auth(url, state_token)
  File "/usr/local/lib/python3.6/site-packages/gimme_aws_creds/okta.py", line 85, in stepup_auth
    flow_state['stateToken'], flow_state['apiResponse'])
  File "/usr/local/lib/python3.6/site-packages/gimme_aws_creds/okta.py", line 260, in _next_login_step
    return self._login_multi_factor(state_token, login_data)
  File "/usr/local/lib/python3.6/site-packages/gimme_aws_creds/okta.py", line 361, in _login_multi_factor
    factor = self._choose_factor(login_data['_embedded']['factors'])
  File "/usr/local/lib/python3.6/site-packages/gimme_aws_creds/okta.py", line 516, in _choose_factor
    return factors[int(selection)]
IndexError: list index out of range

Fresh python3 install via homebrew..

List of Python packages installed.

Package              Version  
-------------------- ---------
argcomplete          1.8.2    
asn1crypto           0.24.0   
azure-common         1.1.8    
azure-nspkg          2.0.0    
azure-storage-blob   0.37.1   
azure-storage-common 0.37.1   
azure-storage-file   0.37.0   
azure-storage-nspkg  3.0.0    
beautifulsoup4       4.6.0    
bitstring            3.1.5    
blobxfer             1.1.0    
boto3                1.7.25   
botocore             1.10.25  
certifi              2018.1.18
cffi                 1.11.4   
chardet              3.0.4    
click                6.7      
configparser         3.5.0    
cryptography         2.1.4    
decorator            4.0.11   
docutils             0.14     
editor               0.1.0    
future               0.16.0   
futures              3.1.1    
gimme-aws-creds      1.0.13   
idna                 2.6      
jmespath             0.9.3    
jsonpath-rw          1.4.0    
keyring              10.6.0   
okta                 0.0.4    
pip                  10.0.1   
ply                  3.10     
prettytable          0.7.2    
pycparser            2.18     
python-dateutil      2.6.1    
PyYAML               3.12     
requests             2.18.4   
ruamel.yaml          0.15.35  
s3transfer           0.1.13   
setuptools           39.0.1   
six                  1.10.0   
urllib3              1.22     
wheel                0.31.0   

[epierce]

I just ran into a user with the same problem. Do you have preferred_mfa_type in ~/.okta_aws_login_config? They had set that to "push" and then removed Okta Verify from their account.

[Sector95]

It looks as though cyberius may not have had any factors enrolled... Is that a possible case in Okta? If so, we should print out an error stating that MFA is enabled on the account, but no factors are enrolled, when the factors list is zero length.

[epierce]

It shouldn't be possible - if you don't have any factors registered, you should get prompted for enrollment. GAC doesn't support the enrollment flow, so it returns You must enroll in MFA before using this tool. and exits.

[Sector95]

Closing due to inactivity.