我正在构建一个SAML集成脚本，将Azure连接到支持SAML的AWS帐户。我有这个脚本的工作，但添加MFA已被证明是非常有问题的。你知道吗

MFA进程有三个部分：beginuth、EndAuth和ProcessAuth。我正在使用OneWaySMS（sms文本）进行此操作。beginuth的数据段如下所示：（Content Type as application/json）

ctx和flowtoken等变量取自上一篇文章，然后在下一篇文章中使用。你知道吗

> payload = { 'AuthMethodId': 'OneWaySMS', 'Method': 'BeginAuth', 'ctx':
> sctx, 'flowToken': flowtoken  }
> responsemfa1 = s.post(urlbeginauth,headers=headers, json=payload)

然后用户将得到一个SMS文本/代码，然后输入，然后我调用EndAuth，将代码发送到additionalauthdata:（Content Type as application/json）

> payload = { 'Method': 'EndAuth', 'SessionId': sessionid, 'FlowToken':
> flowtoken, 'Ctx': ctx, 'AuthMethodId':
> authmethodid,'AdditionalAuthData': additionalauthdata, 'PollCount':
> pollcount }
>  responsemfa2 = s.post(urlendauth, json=payload)

所有响应都表示成功，但ProcessAuth POST并没有像它应该返回的那样返回SAML断言：（Content Type as application/x-www-form-urlencoded，或者至少这是我在处理此事务时在Fiddler中看到的。）

payload = {'type': '18', 'GeneralVerify': 'false', 'request': ctxend, 'canary': canarylogin, 'mfaAuthMethod': 'OneWaySMS', 'otc': additionalauthdata, 'login': postusername, 'flowToken': flowtoken }

  responsemfa3 = s.post(urlprocessauth, data=payload) 

回答是：（为简洁起见剪掉了）：

$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://aadcdn.msauth.net/ests/2.1/","urlFooterTOU":"https://www.microsoft.com/en-US/servicesagreement/","urlFooterPrivacy":"https://privacy.microsoft.com/en-US/privacystatement","urlPost":"/kmsi","iPawnIcon":0,"sPOST_Username":"<snipped>","sFT":"AQABAAEAAAAP0wLlqdLVToOpA4kwzSnxotmt93hdnJMiPzvosxDgiKdemJ6aj2rHxSDhSofOkwwQnueGuZXN1aLkfMqpo6kR_DyD62BCWuHGAKGLJVoCHYv-BGyREeYvX1nAY3W_HVmECwnI-gKAsB_PrSYIpOuSvRNomQLQWM08K4uHVgd_E9q8dopMwtJh_RpOt7AbRbF3nSrB6sYWXY6ZDQitX4C-XtRCZaJUuuBHH21svv3bEezc4nERfHGCzwtOmzG77EZQj-sUtc4psqsNoRZiOV-rIXuBrDOeAj3YKiiWdiejNp7YZKVHkB14mXw3y6ZuKbKV_0ddiBd3Q57OWnfnRHvVz9XzgTRJUCk87rzzfCwJ2gOnJYZLOh2KllczcN3zRgrdKrM0gjzktBjqs6iZIyoQN4Q05T0L4_MjCee3GlS1XSGnrG0BWXrpGTDCYhLSAgUW6Ckp9g6UsRgQwnQ3gMvgsz-46Y0vfpzS9fJFYiLETfxf_PvC61md_hPrLjKCTPZH92GHiudvhg1XJkAz7NIMOpo3U145RrbD3evBqIvbhBOzUTLmh-tdKyCN9jAW0m-aZz8_wZalclKWZmFfomtZWxne0ZgUnGiBijmvTytU9PEX0mJ6IIUx4DQgmRVJbtEXir5hk7Jrp0mTSye38ABKnkuoRIBqxz4x4nANmvP09Vqh2prGyAA5Nfn3bJQo0sthLHdp_KgDxMV4kfMjzn_flgE-blQilL0p5XgryR3OmLWSvEdLUwxi-5J_pNky1FJDJrA7eY_oAq2aHmQpqqM0iZdMe09Mt2JtemnUteCH7CAA","sFTName":"flowToken","sCtx":"rQIIAeNisFLNKCkpKLbS1y_OTM_LzNNLLC_WS8xNrMrP00vOz9UvTszNUTY2KhLiEqi9ss33-PcA1-n-fh2XBVuer2JUIqz3AiPjC0bGW0yswUCO0SZmFdNE0yTLVDNDXSODJCNdE1NzC12LNGNzXSMTMwsLw7REgxQzw13MKimJFmYpRhYpusmpxia6JgZpprqWyalJuqmWJmkpJhZGaUbGFo-YBYzNzSwMHPJSc_JSS_SA-AILzw8WxkWsQOc-Nr-7bXuqi9-6xx6H2DtCGU6x6ucF5VkW5uU4BZm6-KYEOZsE-zoVWJaluyT5h5TkhltWVWhrZ4Y4hecHZhrYWloZTmDjPcXG8IGNqYOdcRcnEZ5t4uHlYBDi5Mw-uHRrms11DwA1","sCanaryTokenName":"canary","dynamicTenantBranding":[{"Locale":0,"BannerLogo":"https://aadcdn.msauthimages.net/dbd5a2dd-msqp66grneqrilpulpg04jvxlaqipjqahr-xoifficw/logintenantbranding/0/bannerlogo?ts=636417112554838962","Illustration":"https://aadcdn.msauthimages.net/dbd5a2dd-msqp66grneqrilpulpg04jvxlaqipjqahr-xoifficw/logintenantbranding/0/illustration?ts=636417112520555949","BoilerPlateText":"Need assistance, contact  or ","KeepMeSignedInDisabled":false,"UseTransparentLightBox":false}],"oAppCobranding":{},"iBackgroundImage":0,"fUseConstantPolling":true,"fUseFlowTokenAsCanary":true,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://login.microsoftonline.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fIsRemoteNGCSupported":true,"scid":1016,"hpgact":1602,"hpgid":1115,"pgid":"KmsiInterrupt","apiCanary":"nRn9qnlBR5DMdRC4SMBp9vgDbOTtmW9zx++iTBWoQi0=0:1","canary":"nRn9qnlBR5DMdRC4SMBp9vgDbOTtmW9zx++iTBWoQi0=0:1","correlationId":"4db6d47d-f7c7-4550-974f-4e88d31184e7","sessionId":"2c051281-c821-4cec-8371-47abafd11c00","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in" '''

我应该得到一个在主体中包含SAML断言的响应，但是从我所看到的，我只是被返回到登录页面。查看标题，我得到了正确的urlencoding，如果我将此文章强制发送到netcat，我可以看到编码的param字符串，它应该是这样的：

POST / HTTP/1.1
Host: localhost:8765
User-Agent: python-requests/2.21.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 1433
Content-Type: application/x-www-form-urlencoded

type=18&GeneralVerify=false&request=rQIIAeNisFLNKCkpKLbS1y_OTM_LzNNLLC_WS8xNrMrP00vOz9UvTszNUTY2KhLiEgjpP8laF5ngML8wR8ze9ezVVYxKhPVeYGR8wch4i4k1GMgx2sSsYppommSZamaoa2SQZKRrYmpuoWuRZmyua2RiZmFhmJZokGJmuItZJS3FNCnZ2DBJN8nYIk3XJDnNTDfRxCRVN9kgNdksxdQiySTN-BGzgLG5mYWBQ15qTl5qiR4QX2Dh-cHCuIgV6FyBs3uV_Z7t9Zkfc_m2smcuwylW_bxsI9fMIPfUSINUd_3SyHC_VG3tMmfnRIN0_YySiMwk72T3kACnbD_TonxbUyvDCWy8p9gYPrAxdrAz7uIkwrNNPLwcDEKcnEcX9mT62lz3AAA1&canary=nk2EiRGeY0eG%2FuYWNe%2B%2BvCCa0g%2FhtXibKcGTPBkN5ro%3D5%3A1&mfaAuthMethod=OneWaySMS&otc=590446&login=<snipped>&flowToken=AQABAAEAAAAP0wLlqdLVToOpA4kwzSnxO6y1rubHy3M9LJVbHbNk6WtfM50wbhWjx29qtmp5XcuuPWt8-83V7A0Kk1RHUzdPg7WzgvZCgnjI_Po_Nz2_LMs9IEO3EDcQsMqfFYO4lQoFKnlyI_Nm0bJhLna_38bieqRqx-k--R4nvb6RMpPmWLsDsBiks51OK69xEyNKnddb1hrd_ysN_BcOd0Sr7Q3N7VKbnWYHsGszrjXuXVpWwTkMwSHEKgi7ttkBwIZFKKKKzJrBfhcDuN5OaVJ594UluYPeIFBz7PbKcvBprqEweyHO09IPh31_CV4HbqGitsNCBO9ZsZq8K7NMGXONQ_ab4lopOgbf-PPeJGgPZEpINvjkiRDSnjb9SmRxPnkc_gWEZHDQsyGAEyHKwD0TLJpkGlT9o_k95z4Nwwhme5YLySu6uo6v7Dr090Gy3Zbs_KC6oHV2yXLPeFOzZy2IFACbRj7zOdYajsVR7QMa7H5gLS-f7i1kW4cln9nZUPe2k6wcAS3wkTwvFK7gVEwM-e2N3eNRX9EG341LHgK40O63zPr46oaGQbrFrAUFBVhw4gxxJ28AoNUQGdMGLlozfmo2PXL5n4r18Ut4CpYWHfxVl1_CQ3vFuH1AlWat6gQNhAKhJhZExu0gZ7AdxwuDwodSYII6T1WB1gJ1sSEqb9eToCy7z-f1dHVNKSawenyGfSlX0szCU8ldqE7pOtrSxTYFX4X-cqKKkQT9qF4M_1ZNWZHgSOK5a145nQ7_TeGGLk5FcOsZuY6xjLSqmbnFwO_3FczAbjY36_KpdxctwFr-Zdw5n3lTrtoY_nzXOisSW2mV2IadDpOJ3L9OXVNBYAZcIAA 

我已经做了一个星期了，只是不明白为什么这最后一篇文章没有返回SAML断言。如果我在Chrome中执行相同的过程，然后使用devtools将这些帖子作为curl语句拉出来，它们都可以工作。最后一篇文章有点不对劲。你知道吗