in pkg/provider/adfs2/rsa.go [19:82]
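// authenticateRsa walks the ADFS login flow with an RSA SecurID second factor
// and returns whatever extractSamlAssertion finds in the final IdP response.
//
// The flow is: fetch and post the login form, optionally post once more to
// establish an RSAv2 context, prompt for the passcode and post it, and, if
// the response carries no SAMLResponse field, prompt for a next code and post
// that as well. Any failing step returns an empty string and a wrapped error.
//
// NOTE(review): passcodeActionURL and rsaActionURL are read out of the IdP's
// HTML response, and the passcode is posted to them. Confirm that
// extractFormData or the post helpers restrict these URLs to the expected IdP
// origin over HTTPS; nothing in this function checks them.
func (ac *Client) authenticateRsa(loginDetails *creds.LoginDetails) (string, error) {
	authSubmitURL, authForm, err := ac.getLoginForm(loginDetails)
	if err != nil {
		return "", errors.Wrap(err, "error retrieving login form from idp")
	}

	doc, err := ac.postLoginForm(authSubmitURL, authForm)
	if err != nil {
		return "", errors.Wrap(err, "error posting login form to idp")
	}

	passcodeForm, passcodeActionURL, err := extractFormData(doc)
	if err != nil {
		return "", errors.Wrap(err, "error extracting login data")
	}

	// RSAv2 requires an additional POST to establish a context:
	//   https://github.com/torric1/AWSCLI-MFA-RSAv2
	//   https://gist.github.com/jgard/17262e0fc073c82bc7930db2f5603446
	if passcodeForm.Get("AuthMethod") == "SecurIDv2Authentication" {
		doc, err = ac.postPasscodeForm(passcodeActionURL, passcodeForm)
		if err != nil {
			return "", errors.Wrap(err, "error posting passcode form")
		}
	}

	// Re-read the form from the current document. When the RSAv2 branch above
	// did not run, this parses the same document a second time.
	passcodeForm, passcodeActionURL, err = extractFormData(doc)
	if err != nil {
		return "", errors.Wrap(err, "error extracting mfa form data")
	}

	// The passcode is a secret: it lives only in this local and in the form
	// fields below, so keep it out of log lines and wrapped error messages.
	// NOTE(review): prompter.Password presumably reads without echo; confirm.
	token := prompter.Password("Enter passcode")

	// The same value is sent under both field names.
	passcodeForm.Set("ChallengeQuestionAnswer", token)
	passcodeForm.Set("Passcode", token)
	passcodeForm.Del("submit")

	doc, err = ac.postPasscodeForm(passcodeActionURL, passcodeForm)
	if err != nil {
		return "", errors.Wrap(err, "error posting passcode form to idp")
	}

	rsaForm, rsaActionURL, err := extractFormData(doc)
	if err != nil {
		return "", errors.Wrap(err, "error extracting rsa form data")
	}

	// An empty SAMLResponse is treated as the IdP asking for a next code. The
	// original passcode is sent again as ChallengeQuestionAnswer alongside it.
	if rsaForm.Get("SAMLResponse") == "" {
		nextCode := prompter.Password("Enter nextCode")

		rsaForm.Set("ChallengeQuestionAnswer", token)
		rsaForm.Set("NextCode", nextCode)
		rsaForm.Del("submit")

		doc, err = ac.postRSAForm(rsaActionURL, rsaForm)
		if err != nil {
			return "", errors.Wrap(err, "error posting rsa form")
		}
	}

	return extractSamlAssertion(doc)
}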