Logging in when Okta MFA enabled does not work #61

Closed
kylebinns opened this issue Dec 14, 2017 · 5 comments

Comments

@kylebinns

This worked great for me when Okta MFA was turned off in my organization. Since we enabled it, this process seems to fail, giving me the message: You do not have access to AWS through Okta. None of my AWS settings have changed.

At first glance, the Document received from the launchOktaAwsApp method is a redirect page and does not contain the SAML token in the form expected to use to call AWS. Things work fine if I disable MFA, but that is not an acceptable workaround.

@rdegges
Contributor

rdegges commented Dec 14, 2017

Hmm.

We don't have a dedicated maintainer for this tool at the moment, but if you want to contribute a PR to help fix this I'd be more than happy to merge. I apologize.

@amgrice

amgrice commented Dec 28, 2017

I'm not sure if you're having the exact same issue, @kylebinns, but I seem to be running into something similar.

I'm using Google Authenticator, but get an exception like the one you mentioned in that I don't have access. But to me, it seems that might be stemming from something going wrong when it tries to create the JSONArray for the MFA factors to select from:

Multi-Factor authentication is required. Please select a factor to use.
Factors:
[ 1 ] : Google Authenticator
org.json.JSONException: JSONArray[1] not found.
	at org.json.JSONArray.get(JSONArray.java:204)
	at org.json.JSONArray.getJSONObject(JSONArray.java:409)
	at com.okta.tools.OktaAwsCliAssumeRole.selectFactor(OktaAwsCliAssumeRole.java:461)
	at com.okta.tools.OktaAwsCliAssumeRole.promptForFactor(OktaAwsCliAssumeRole.java:380)
	at com.okta.tools.OktaAwsCliAssumeRole.getOktaSessionToken(OktaAwsCliAssumeRole.java:112)
	at com.okta.tools.OktaAwsCliAssumeRole.run(OktaAwsCliAssumeRole.java:82)
	at com.okta.tools.awscli.main(awscli.java:10)
Exception in thread "main" java.lang.RuntimeException: You do not have access to AWS through Okta.
Please contact your administrator.
	at com.okta.tools.OktaAwsCliAssumeRole.getSamlResponseForAws(OktaAwsCliAssumeRole.java:241)
	at com.okta.tools.OktaAwsCliAssumeRole.run(OktaAwsCliAssumeRole.java:83)
	at com.okta.tools.awscli.main(awscli.java:10)
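
An added example, not part of the thread and not the project's code or the merged fix: the output above lists a single factor as `[ 1 ]` and then fails on `JSONArray[1]`, which is consistent with a 1-based menu number being used directly as a 0-based array index. The sketch below assumes that cause and shows the mapping with a bounds check; the class name `FactorMenu`, its methods and the sample factor JSON are hypothetical and constructed for illustration.

```java
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

public class FactorMenu {
    /** Maps a 1-based menu choice to its factor, rejecting out-of-range input. */
    static JSONObject factorForChoice(JSONArray factors, int choice) {
        if (choice < 1 || choice > factors.length()) {
            throw new IllegalArgumentException(
                "Choice " + choice + " is outside 1.." + factors.length());
        }
        // The menu is 1-based, JSONArray is 0-based.
        return factors.getJSONObject(choice - 1);
    }

    /** Renders the menu in the "[ n ] : name" shape shown in the report. */
    static String renderMenu(JSONArray factors) {
        StringBuilder sb = new StringBuilder("Factors:\n");
        for (int i = 0; i < factors.length(); i++) {
            JSONObject f = factors.getJSONObject(i);
            sb.append("[ ").append(i + 1).append(" ] : ")
              .append(f.getString("provider")).append(' ')
              .append(f.getString("factorType")).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: one enrolled factor, as in the report above.
        JSONArray factors = new JSONArray(
            "[{\"id\":\"factor-id-placeholder\","
            + "\"factorType\":\"token:software:totp\",\"provider\":\"GOOGLE\"}]");
        System.out.print(renderMenu(factors));

        // Choice 1 selects index 0.
        System.out.println(factorForChoice(factors, 1).getString("id"));

        // Using the menu number as the index raises the JSONException type seen in the trace.
        try {
            factors.getJSONObject(1);
        } catch (JSONException e) {
            System.out.println(e.getMessage());
        }

        // An out-of-range choice is rejected before the array is touched.
        try {
            factorForChoice(factors, 2);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Failing at the selection step with a precise message also keeps a factor-selection error from surfacing later as the unrelated "You do not have access to AWS through Okta" exception.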

@AlainODea
Contributor

@connorthomasmccabe you encountered this and I think you were close to a fix, right?

@connorthomasmccabe
Contributor

@kylebinns @amgrice

I have a PR open for this issue.

@rdegges
Contributor

rdegges commented Jan 3, 2018

Merged just now. Closing!
