From 40715d648b0a6940329f0c4663473452f27be09d Mon Sep 17 00:00:00 2001
From: NIKL45 <technik247@gmail.com>
Date: Mon, 3 Nov 2025 21:28:57 +0100
Subject: [PATCH] fixed and tested TFA (OTP) for FAU

---
 PFERD/crawl/ilias/simplesaml_login.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/PFERD/crawl/ilias/simplesaml_login.py b/PFERD/crawl/ilias/simplesaml_login.py
index d6a629b..7357efc 100644
--- a/PFERD/crawl/ilias/simplesaml_login.py
+++ b/PFERD/crawl/ilias/simplesaml_login.py
@@ -96,10 +96,12 @@ class SimpleSAMLLogin:
         form = cast(Tag, soup.find("form", {"method": "post"}))
         action = cast(str, form["action"])
 
-        url = str(saml_url.origin()) + action
-        data = {
-            "_eventId_proceed": "",
-            "fudis_otp_input": tfa_token,
+        if action.startswith("https"): # FAU uses full URL here
+                url = action
+        else:
+            url = str(saml_url.origin()) + action #KIT uses relative URL here
+        data = { # for www.sso.uni-erlangen.de/simplesaml/module.php/mfa/otp?...
+            "otp": tfa_token
         }
         if csrf_token_input := form.find("input", {"name": "csrf_token"}):
             data["csrf_token"] = csrf_token_input["value"]  # type: ignore
@@ -113,7 +115,9 @@ class SimpleSAMLLogin:
 
     @staticmethod
     def _tfa_required(soup: BeautifulSoup) -> bool:
-        return soup.find(id="fudiscr-form") is not None
+        # Also treat a body with id="mfa:otp" as TFA required (for FAU)
+        body = soup.find("body")
+        return body is not None and body.get("id") == "mfa:otp"
 
 
 async def _post(session: aiohttp.ClientSession, url: str, data: Any) -> BeautifulSoup: