Response did not contain a valid SAML assertion #144
Comments
If you're using an MFA with ADFS (3.0) then you will need to modify saml2aws to support the intermediate request used by your MFA. This normally means a bit of debugging in Chrome to see what is going on behind the scenes. You can kind of get the gist of it with the existing MFA code. What is the MFA you're using?
I am using the Google Authenticator
I am using OKTA with OKTA MFA and I am getting the exact error after authentication and Authorization while the debug says status=200 ok.
+1 using OKTA got the exact error.
Can you share more info about your configuration as well as the debug logging with the
```
? Please choose a provider: ADFS
? URL https://fs.example.com/adfs/ls/idpinitiatedsignon.htm
? Password
account {
Configuration saved for IDP account: default
saml2aws login
Authenticating as xxx@example.com ...
```
We use OKTA MFA for our ADFS service.
I had the same issue, make sure you're not required to be on some company VPN before connecting. That's the way it behaves if it is required.
@mphoratiu we don't use VPN, without MFA saml2aws worked perfectly. Once MFA was enabled, it stopped working. It didn't even prompt me to enter the passcode, which is demonstrated in the official doc.
```
$ saml2aws login
Authenticating as mark.wolfe@example.com ...
Selected role: arn:aws:iam::123123123123:role/AWS-Admin-CloudOPSNonProd
Your new access key pair has been stored in the AWS configuration
```
I just thought I'd drop a note in here, I had this error when I was trying to set up my access on a new computer and it ended up being my Okta account being locked. I normally didn't have to enter a password but I guess the first time you log in I had to. My account was locked because normally I would enter a blank or bogus password. Also commenting for my future self when I find this again ;)
+1 using Okta provider and Push MFA.
The results are the same even if you provide
I do however get a notification from my MFA authenticator after attempting to login.
Configuration:
ADFS
Auto
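As an added example (not saml2aws code and not from any commenter): a small Python check to run over an HTML body the IdP returned with status 200, showing whether it posts a `SAMLResponse` carrying an assertion or is an intermediate page such as the MFA step the first comment mentions. The sample pages and their field names are constructed, and `classify_idp_response` is a hypothetical helper name.

```python
import base64
import re
from html.parser import HTMLParser


class FormFields(HTMLParser):
    """Collect name/value of every <input> in an IdP HTML response."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            if a.get("name"):
                self.fields[a["name"]] = a.get("value") or ""


def classify_idp_response(body):
    """Return (kind, detail) for an HTML body that came back with HTTP 200."""
    parser = FormFields()
    parser.feed(body)
    raw = parser.fields.get("SAMLResponse")
    if raw is None:
        # No assertion was posted: an intermediate page (MFA prompt,
        # lockout or error notice). The field names hint at which one.
        return "intermediate", sorted(parser.fields)
    try:
        xml = base64.b64decode(raw, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed", ["SAMLResponse is not valid base64"]
    if not re.search(r"<(?:\w+:)?(?:Encrypted)?Assertion[\s>/]", xml):
        return "no-assertion", ["decoded response has no Assertion element"]
    return "assertion", ["SAMLResponse carries an assertion"]


# Constructed samples: not captured from any real IdP, field names are made up.
MFA_PAGE = ('<form method="post"><input type="hidden" name="ExampleContext" '
            'value="abc"/><input name="ExampleOtp"/></form>')
_XML = '<samlp:Response><saml:Assertion ID="_1"></saml:Assertion></samlp:Response>'
SAML_PAGE = ('<form><input type="hidden" name="SAMLResponse" value="%s"/></form>'
             % base64.b64encode(_XML.encode()).decode())
_STATUS_ONLY = base64.b64encode(b"<samlp:Response><samlp:Status/></samlp:Response>")
FAILED_PAGE = '<input name="SAMLResponse" value="%s"/>' % _STATUS_ONLY.decode()

if __name__ == "__main__":
    for page in (MFA_PAGE, SAML_PAGE, FAILED_PAGE):
        print(classify_idp_response(page))
```

An `intermediate` result with unfamiliar field names means the tool would have to answer that form before any assertion is issued.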