OKTA + AWS GovCloud -- "unsupported protocol scheme"

[duckfez]

Getting an error "unsupported protocol scheme" when attempting to authenticate for AWS GovCloud.

$ /usr/local/bin/saml2aws -a govcloud login
Using IDP Account govcloud to access Okta https://foobar.okta.com/home/amazon_aws/0oa3e1gtozzfDFAel297/272
To use saved password just hit enter.
? Username user.name
? Password *******************

Authenticating as user.name ...

Waiting for approval, please check your Okta Verify app ...... Approved

error authenticating to IdP: error following: Post "/saml": unsupported protocol scheme ""

Config file:

[govcloud]
app_id               =
url                  = https://foobar.okta.com/home/amazon_aws/0oa3e1gtozzfDFAel297/272
username             = user.name
provider             = Okta
mfa                  = OKTA
skip_verify          = false
timeout              = 0
aws_urn              = https://signin.amazonaws-us-gov.com/saml
aws_session_duration = 3600
aws_profile          = govcloud
resource_id          =
subdomain            =
role_arn             = arn:aws-us-gov:iam::12345:role/user/rolename
http_attempts_count  =
http_retry_delay     =

Fundamentally the same configuration works with the same OKTA tenant in AWS commercial.