Description
Hi,
I’m using saml2aws with federated SAML configured between Azure AD and AWS. MFA is enforced on Azure AD with TOTP (Time-based One-Time Password).
When I try to log in using saml2aws with the AzureAD provider, the process reaches the MFA verification step but then fails with this error:
unknown process step found:ConvergedError
failed get SAMLAssertion
Error authenticating to IdP.
Here is a relevant snippet from the debug logs (sensitive details redacted):
time="2025-05-29T11:43:14+03:00" level=debug msg="processing ConvergedSignIn" provider=AzureAD
time="2025-05-29T11:43:15+03:00" level=debug msg="processing ConvergedTFA" provider=AzureAD
? Enter verification code [REDACTED]
time="2025-05-29T11:43:20+03:00" level=debug msg="unknown process step found:ConvergedError" provider=AzureAD
failed get SAMLAssertion
github.com/versent/saml2aws/v2/pkg/provider/aad.(*Client).Authenticate
...
github.com/versent/saml2aws/v2/cmd/saml2aws/commands.Login
...
main.main
...
Additional context:
MFA type: TOTP
Azure tenant and App IDs redacted for security
Role ARN and region configured correctly
Regular username/password login works before MFA step
MFA prompt accepts code but then fails as above
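For anyone triaging a report like this one, it helps to confirm from the debug log exactly which sign-in steps the AzureAD provider handled before it hit the unknown step. The Go snippet below is an added example, not code from saml2aws or from the reporter; it assumes only the logrus text format visible in the quoted log (`time="..." level=debug msg="..." provider=AzureAD`), parses the `processing <Step>` and `unknown process step found:<Step>` messages, skips the interactive prompt and stack-frame lines, and prints a one-line verdict. The embedded sample log is constructed from the redacted lines quoted above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// StepTrace summarises which sign-in steps the AzureAD provider logged
// before the flow stopped.
type StepTrace struct {
	Steps       []string // steps seen as msg="processing <Step>", in order
	UnknownStep string   // step named in "unknown process step found:<Step>", if any
}

// Regexes for the logrus text format shown in the issue:
//   time="..." level=debug msg="..." provider=AzureAD
var (
	msgRe     = regexp.MustCompile(`level=\w+ msg="([^"]*)"`)
	processRe = regexp.MustCompile(`^processing (\w+)$`)
	unknownRe = regexp.MustCompile(`^unknown process step found:\s*(\w+)$`)
)

// ParseTrace walks the log text line by line and records the step sequence.
// Lines that are not logrus records (the MFA prompt, stack frames, blanks)
// are skipped rather than treated as errors.
func ParseTrace(logText string) StepTrace {
	var t StepTrace
	for _, line := range strings.Split(logText, "\n") {
		m := msgRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		msg := m[1]
		if p := processRe.FindStringSubmatch(msg); p != nil {
			t.Steps = append(t.Steps, p[1])
		} else if u := unknownRe.FindStringSubmatch(msg); u != nil {
			t.UnknownStep = u[1]
		}
	}
	return t
}

// LastStep returns the final step the provider handled, or "" if none.
func LastStep(t StepTrace) string {
	if len(t.Steps) == 0 {
		return ""
	}
	return t.Steps[len(t.Steps)-1]
}

// Summary gives a one-line triage verdict: how far the flow got and where it stopped.
func Summary(t StepTrace) string {
	switch {
	case t.UnknownStep == "":
		return fmt.Sprintf("no unknown step; last step handled: %q", LastStep(t))
	case LastStep(t) == "":
		return fmt.Sprintf("unknown step %q before any step was handled", t.UnknownStep)
	default:
		return fmt.Sprintf("flow reached %q, then stopped on unknown step %q", LastStep(t), t.UnknownStep)
	}
}

// sampleLog is constructed from the redacted lines quoted in the issue above.
const sampleLog = `time="2025-05-29T11:43:14+03:00" level=debug msg="processing ConvergedSignIn" provider=AzureAD
time="2025-05-29T11:43:15+03:00" level=debug msg="processing ConvergedTFA" provider=AzureAD
? Enter verification code [REDACTED]
time="2025-05-29T11:43:20+03:00" level=debug msg="unknown process step found:ConvergedError" provider=AzureAD
failed get SAMLAssertion`

func main() {
	t := ParseTrace(sampleLog)
	fmt.Println("steps:", strings.Join(t.Steps, " -> "))
	fmt.Println(Summary(t))
}
```

Run against the sample, the parser reports that the flow got through `ConvergedSignIn` and `ConvergedTFA` (so the password step and the TOTP prompt both completed) and stopped on `ConvergedError`, which is consistent with the report that the MFA prompt accepted the code before the failure.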