ADFS with duo MFA always fails #670

Open
hcsyash opened this issue May 25, 2021 · 2 comments
Labels
help wanted Indicates that a maintainer wants help on an issue or pull request type:enhancement Indicates new feature requests

Comments

@hcsyash
hcsyash commented May 25, 2021

Is there support for the ADFS provider along with Duo as an MFA?
Tried a lot, but it always fails with the following error:

"unable to classify response from auth server"

Detailed logs:
saml2aws login --verbose --duo-mfa-option="Duo Push"

time="2021-05-25T17:11:39+05:30" level=debug msg=Running command=login
time="2021-05-25T17:11:39+05:30" level=debug msg="check if Creds Exist" command=login
time="2021-05-25T17:11:39+05:30" level=debug msg=Expand name="C:\Users\user/.aws/credentials" pkg=awsconfig
time="2021-05-25T17:11:39+05:30" level=debug msg=resolveSymlink name="C:\Users\user\.aws\credentials" pkg=awsconfig
time="2021-05-25T17:11:39+05:30" level=debug msg=ensureConfigExists filename="C:\Users\user\.aws\credentials" pkg=awsconfig
Using IDP Account default to access ADFS https://sso.company.com
To use saved password just hit enter.
? Username
? Password *************

time="2021-05-25T17:11:52+05:30" level=debug msg="building provider" command=login idpAccount="account {\n URL: https://sso.harman.com\n Username: [email protected]\n Provider: ADFS\n MFA: Auto\n SkipVerify: false\n AmazonWebservicesURN: urn:amazon:webservices\n SessionDuration: 3600\n Profile: XXXX27842XXX\n RoleARN: \n Region: us-east-2\n}"
Authenticating as [email protected] ...
time="2021-05-25T17:11:53+05:30" level=debug msg="HTTP Req" URL="https://sso.company.com:XXX/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn%3Aamazon%3Awebservices&client-request-id=4a86f920-b52e-4d67-ff38-xxxxxxxx" http=client method=POST
time="2021-05-25T17:11:54+05:30" level=debug msg="HTTP Res" Status="200 OK" http=client
unable to classify response from auth server
github.com/versent/saml2aws/v2/pkg/provider/adfs.(*Client).Authenticate
C:/gopath/src/github.com/versent/saml2aws/pkg/provider/adfs/adfs.go:144
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:104
main.main
C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:183
runtime.main
C:/go/src/runtime/proc.go:203
runtime.goexit
C:/go/src/runtime/asm_amd64.s:1357
error authenticating to IdP
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/commands/login.go:106
main.main
C:/gopath/src/github.com/versent/saml2aws/cmd/saml2aws/main.go:183
runtime.main
C:/go/src/runtime/proc.go:203
runtime.goexit
C:/go/src/runtime/asm_amd64.s:1357

Config:

name = default
app_id =
url = https://sso.company.com
username = [email protected]
provider = ADFS
mfa = Auto
skip_verify = false
timeout = 0
aws_urn = urn:amazon:webservices

@WeAreGroot
I'm getting the same issue. @hcsyash, did you ever get it to work?

@dboitnot
Contributor

This is because Duo wasn't supported by the ADFS provider (see #36). I've submitted #849 to add this feature. I've also submitted PRs #845 and #847, which address issues that could lead to similar errors.

@RossRichardson RossRichardson added type:enhancement Indicates new feature requests help wanted Indicates that a maintainer wants help on an issue or pull request labels Mar 25, 2025