feat: Add Okta SAML Federation authentication (M2.3)

## Summary
Add Okta SAML Federation as an authentication method, allowing users who authenticate through Okta to assume AWS roles via SAML assertions.

## Details
- Implement Okta API authentication (username/password) in `internal/auth/`
- Handle MFA challenge for all Okta-supported factors (Push, TOTP, SMS, etc.)
- Retrieve SAML assertion from Okta → call `sts:AssumeRoleWithSAML`
- Cache Okta session token for reuse
- Add `okta_saml` auth type to context configuration

## Checklist
- [ ] Add `okta_saml` auth type to `internal/config/config.go`
- [ ] Implement Okta API client in `internal/auth/okta.go`
- [ ] Handle MFA challenge/response flow
- [ ] Implement SAML assertion parsing and `sts:AssumeRoleWithSAML` call
- [ ] Add Okta session token caching
- [ ] Add TUI context-add wizard fields for Okta (org URL, app ID)
- [ ] Update `internal/auth/auth.go` PostSwitch to handle okta_saml type
- [ ] Write tests

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Add Okta SAML Federation authentication (M2.3) #26

Summary

Details

Checklist

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

feat: Add Okta SAML Federation authentication (M2.3) #26

Description

Summary

Details

Checklist

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions