Support okta idp factor #370

Merged
merged 2 commits into from
Jun 6, 2021

giladsh1
Contributor

Problem Statement

When using the Identity Provider (IdP) factor authentication (Custom IdP Factor Authentication), there are additional SAML requests to the user authentication flow, which do not contain a relevant SAML assertion for parsing.

Solution

Added an additional optional parameter OKTA_IGNORE_SAML_REQ_CONTAIN to allow users to skip specific URLs that contain a string.
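
An added illustration, not code from this pull request or the project, of the skip-by-substring behaviour the description above attributes to OKTA_IGNORE_SAML_REQ_CONTAIN, including the failure mode where a too-broad value also skips the request that carries the assertion. The SamlPost type, the URLs and the SAML payloads are constructed for the example (Java 16+).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import javax.xml.parsers.DocumentBuilderFactory;

public class IgnoreSamlReqExample {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Hypothetical shape of one SAML form POST seen by the embedded browser.
    record SamlPost(String url, String samlResponse) {}

    // First POST whose URL does not contain the ignore string; null or empty disables skipping.
    static Optional<SamlPost> select(List<SamlPost> posts, String ignore) {
        return posts.stream()
                .filter(p -> ignore == null || ignore.isEmpty() || !p.url().contains(ignore))
                .findFirst();
    }

    // True when the base64 SAMLResponse decodes to XML holding a SAML 2.0 Assertion element.
    static boolean hasAssertion(SamlPost post) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DTDs so the decoded, untrusted XML cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        byte[] xml = Base64.getDecoder().decode(post.samlResponse());
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml))
                .getElementsByTagNameNS(SAML_NS, "Assertion").getLength() > 0;
    }

    static String b64(String xml) {
        return Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed flow: the IdP factor round trip posts first, the sign-in POST second.
        List<SamlPost> flow = List.of(
            new SamlPost("https://idp.example.invalid/factor/saml/callback",
                b64("<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"/>")),
            new SamlPost("https://aws.example.invalid/saml",
                b64("<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
                    + "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\"/></samlp:Response>")));
        // Unset value, a narrow value, and a value broad enough to match every URL.
        for (String ignore : new String[] {"", "/factor/", "saml"}) {
            Optional<SamlPost> picked = select(flow, ignore);
            System.out.println("ignore='" + ignore + "' -> " + (picked.isEmpty()
                ? "nothing left to parse" : picked.get().url() + " assertion=" + hasAssertion(picked.get())));
        }
    }
}
```

Because the match is a plain substring test on the URL, the configured value should be the narrowest string that identifies only the extra IdP factor requests.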

Gilad Sharaby and others added 2 commits May 19, 2021 17:02
Added documentation for the OKTA_IGNORE_SAML_REQ_CONTAIN parameter
@giladsh1
Contributor Author

giladsh1 commented Jun 6, 2021

@mraible @jeremyplichtafc @vijaykramesh Hello
Anything we can do in order to push this being merged to master?
We have a couple of clients which want to use this feature, and currently must check out our branch and build custom jars.
Thank you very much for your attention and help!

@mraible mraible merged commit 6003fc5 into oktadev:master Jun 6, 2021
@giladsh1
Contributor Author

giladsh1 commented Jun 7, 2021

Thank you very much for your quick response @mraible, much appreciated!
Is it possible to issue a release for this merge? Otherwise, we will still need to compile a custom jar.
Please let me know if we can help push this in any way.

@mraible

mraible commented Jun 7, 2021

I created a new release at https://github.com/oktadev/okta-aws-cli-assume-role/releases/tag/v2.0.5. I'm not sure where the description comes from. I'm not able to edit or remove it.

@giladsh1
Contributor Author

Thank you @mraible for all of your assistance!

You've been super helpful with this process, and I was wondering if I could get your assistance with one more thing.
We want to push users into using this tool to pass Okta custom IdP factor with the embedded browser.

The problem is we have some users which have 10 different combinations of AWS accounts and roles.
When using other tools (like okta-awscli) which work in the terminal only, users can create a simple bash wrapper to authenticate as many times as they want, simply by clicking "Yes it's me" a bunch of times on their mobile device.
However, when using a browser-based authentication, they have to type their username + password each time, which is tedious.

I've seen that you have the ability to use macOS KeyChain for example.
Any chance this is possible using the browser?
If not, do you know of any way to inject the email and/or password to the browser in runtime?
I've also tried contacting Okta support to tackle this issue by adding a login hint to the app embed link, but it seems that it's not possible.

Thank you very much for your attention and help!

@mraible

mraible commented Jun 29, 2021

@giladsh1 I'm happy to help in any way I can. However, I would like to make you aware that I know virtually nothing about this project. It was started by an Okta employee who joined before I did. I started in February 2017. It's been "kept alive" by community contributors like yourself. It's strange to have an OSS project that's not really led by anyone.

I think what you need to accomplish what you'd like is some sort of device trust flow. We're working on that, but I can't promise any dates. With any luck, it'll be GA by the end of the year. Hope this helps.
