Add sessionToken to dict where step-up code expects it #448
Description
Sometimes, Okta requires a step-up authentication when accessing the AWS Okta application. The Duo Universal prompt support worked in the case where step-up was not required, but returned a session data structure that the step-up handling code did not expect. I've changed the Duo Universal Prompt auth to return sessionToken where OktaClassicClient.get_saml_response() expects to find it for use in step-up authentication.
Related Issue
#447
Motivation and Context
Authentication doesn't work if Okta requires step-up auth with Duo Universal Prompt enabled.
How Has This Been Tested?
We had a few people at our org encounter this issue after disabling Duo's traditional prompt in our Okta tenant. I found the additional step-up authentication code path when debugging with them, and realized the data structure I had returned from the Universal Prompt implementation was different than the step-up code expected. Adding the session token at the expected key resolved the issue for them.