oktadev/okta-aws-cli-assume-role

Yubikey MFA is broken, at least on Mac OS

ipolishchuk opened this issue · 1 comments

Describe the bug
For the last few days, when trying to use Yubikey for MFA, multiple users are getting an error with okta-aws-cli.jar.
Okta Yubikey MFA works well in the Web interface.

To Reproduce
Steps to reproduce the behavior:

Ensure you have the following in ~/.okta/config.properties:
#OKTA_MFA_CHOICE=OKTA.push
OKTA_MFA_CHOICE=YUBICO.token:hardware

Execute:
$ java -Djava.util.logging.config.file=~/.okta/logging.properties -classpath ~/.okta/okta-aws-cli.jar com.okta.tools.WithOkta aws --profile sts get-caller-identity
Username:
YUBICO Token Factor Authentication
Enter 'change factor' to use a different factor
Token:

Exception in thread "main" java.lang.IllegalStateException: Server error when loading Okta AWS App: 500
    at com.okta.tools.saml.OktaAppClientImpl.launchApp(OktaAppClientImpl.java:48)
    at com.okta.tools.saml.OktaSaml.launchOktaAwsAppWithSessionToken(OktaSaml.java:115)
    at com.okta.tools.saml.OktaSaml.getSamlResponseForAws(OktaSaml.java:54)
    at com.okta.tools.saml.OktaSaml.getSamlResponse(OktaSaml.java:48)
    at com.okta.tools.OktaAwsCliAssumeRole.doRequest(OktaAwsCliAssumeRole.java:132)
    at com.okta.tools.OktaAwsCliAssumeRole.run(OktaAwsCliAssumeRole.java:102)
    at com.okta.tools.WithOkta.main(WithOkta.java:28)

Expected behavior
Expect to receive a Yubikey token request, and authenticate with aws.

Additional context
Tried the following jar versions:
okta-aws-cli-2.0.5.jar
okta-aws-cli-3.0.0.jar

aws --version
aws-cli/2.8.2 Python/3.9.11 Darwin/20.6.0 exe/x86_64 prompt/off
Mac OS 11.7

Duplicate of #403. Closing it.