Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Passcode #162

Closed
zhernovs opened this issue Mar 16, 2020 · 1 comment · Fixed by #353
Closed

Support for Passcode #162

zhernovs opened this issue Mar 16, 2020 · 1 comment · Fixed by #353
Labels
enhancement help wanted

Comments

@zhernovs
Copy link

In the latest version it's now available to choose auth method for DUO if default one not chosen.
However, despite the fact that it now recognizes the Passcode method, it still works with push only.

Sending request for authentication
Waiting for additional authentication
No default authentication method configured.
Please enter your desired authentication method (Ex: Duo Push): Passcode
Triggering authentication method: 'Passcode'
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/home/zhernovs/.local/lib/python2.7/site-packages/aws_adfs/_duo_authenticator.py", line 132, in _perform_authentication_transaction
    ssl_verification_enabled
  File "/home/zhernovs/.local/lib/python2.7/site-packages/aws_adfs/_duo_authenticator.py", line 565, in _begin_authentication_transaction
    u'Cannot begin authentication process. The error response: {}'.format(response.text)
ClickException: Cannot begin authentication process. The error response: {"message": "Please enter a passcode.", "stat": "FAIL"}

Please add functionality to enter passcode in that case. Some devices just don't support Duo-push.
@lincolnatwood
Copy link

Here's what worked for me:

Updates in _perform_authentication_transaction method:

Insert at line 134:

    if ('Passcode' in preferred_factor) and not use_u2f:
        passcode = click.prompt(text='Please enter your passcode (Ex: 123456)', type=str)        
    else: 
        passcode = ''

Updated call to _begin_authentication_transaction to pass passcode variable:

    transaction_id = _begin_authentication_transaction(
        duo_host,
        sid,
        preferred_factor,
        preferred_device,
        use_u2f,
        session,
        ssl_verification_enabled,
        passcode
    )

Updates in _begin_authentication_transaction method:

Updated def to include passcode

def _begin_authentication_transaction(duo_host, sid, preferred_factor, preferred_device, u2f_supported, session,
                                      ssl_verification_enabled, passcode):

Updated session.post to include passcode:

        response = session.post(
            prompt_for_url,
            verify=ssl_verification_enabled,
            headers=_headers,
            data={
                'sid': sid,
                'device': preferred_device,
                'factor': preferred_factor,
                'passcode': passcode,                    
                'out_of_date': ''
            }
        )

@trav-c trav-c mentioned this issue Oct 22, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Duo Passcode support for both traditional and universal prompt trav-c/aws-adfs
3 participants
@pdecat @zhernovs @lincolnatwood