-
Notifications
You must be signed in to change notification settings - Fork 262
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Duo push and passcode support in Okta is too simplistic #427
Comments
a 5 minute hack give a not exactly pretty patch replace lines 802 to 808 in okta_classic.py with :
But it seems to do whats needed ... the first while loop is to manage what the len(factors) = 1 check used to do and make sure that if Okta start returning push and passcode as valid Duo methods we don't add them a 2nd time (limitation here is it assumes that if they do change this they will start returning all 3 and not just add one of push or passcode), 2nd loop adds push and passcode if only duo web is present. |
The if statement in PR #217 is too simplistic, it also assumes that the user doesn't have any other MFA methods configured ... Google Authenticator for example
Expected Behavior
push and passcode options for DUO via Okta should be available if more than 1 MFA is configured.
Current Behavior
if another MFA token eg Google Authenticator is added to the Okta account along side Duo then only web: Duo is available.
Possible Solution
iterate over the list of factors and only add push & passcode to the list if provider == DUO and factortype push & passcode are not present.
Steps to Reproduce (for bugs)
Add Google Authenticator and Duo as MFA methods on an Okta account
run gimmie-aws-creds
after authentication
Pick a factor shows
[0] token:software:totp( GOOGLE ) : xxx@xxxxxxxxx
[1] web: Duo
Attaching a debugger you can see that the factors variable is :
so the len of factors is 2 so the code block to add push and passcode is never executed.
Your Environment
The text was updated successfully, but these errors were encountered: