On Sat, 2013-06-15 at 17:16 -0700, Kevin Cernekee wrote:
> One thing that (lib)openconnect could do to work around this is to
> prompt the user for just the group first, then after he hits submit,
> prompt for the remaining form fields (skipping the group dropdown).
> Are you willing to be the guinea pig?

We have a similar issue if we want to correctly handle things like the
following form (seen on a non-aggregate-auth server):

<form method="post" action="/+webvpn+/index.html">
  <input type="text" name="username" label="Username:" />
  <input type="password" name="password" label="Password:" />
  <input type="text" name="secondary_username" label="Username:" second-auth="1" />
  <input type="password" name="secondary_password" label="Password:" second-auth="1" />
  <select name="group_list" label="GROUP:">
    <option value="All_PasswordResetOTP-Pledge_CP" secondary_username="" secondary_username_editable="false" second-auth="1" noaaa="0" >OTP_PIN_Reset_Pledge</option>
    <option value="All_PasswordResetOTP-SMS_CP" noaaa="0" >OTP_PIN_Reset_SMS</option>
    <option value="Remediation_password" noaaa="0" >Remediate_Certificate_TAC</option>
  </select>
  <input type="submit" name="Login" value="Login" />
  <input type="reset" name="Clear" value="Clear" />
</form>

In this case I think the expected behaviour is that the
'secondary_username' and 'secondary_password' fields should be hidden
unless a group with 'second-auth' property is chosen.

And then of course you can see the override which is used to *hide* the
secondary username in this case; it's only used for a second *password*.

I think this requires a change to the libopenconnect control flow? I'm
thinking of a callback into libopenconnect when the auth group is
changed, which then returns a *new* form for the UI to display. Or at
least new fields other than the group.

That should work for the command-line tool too as long as it asks for
the group *first*. Which I think it already does.

-- 
dwmw2
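
Added example, not part of the original message and not openconnect code: a Python model of the behaviour proposed above, in which the chosen group decides which of the quoted form's fields are prompted for. The function name `fields_for_group` and the treatment of a non-editable field as a preset value taken from the `<option>` are assumptions.

```python
import xml.etree.ElementTree as ET

# The form quoted in the message above.
FORM = """<form method="post" action="/+webvpn+/index.html">
<input type="text" name="username" label="Username:" />
<input type="password" name="password" label="Password:" />
<input type="text" name="secondary_username" label="Username:" second-auth="1" />
<input type="password" name="secondary_password" label="Password:" second-auth="1" />
<select name="group_list" label="GROUP:">
<option value="All_PasswordResetOTP-Pledge_CP" secondary_username="" secondary_username_editable="false" second-auth="1" noaaa="0" >OTP_PIN_Reset_Pledge</option>
<option value="All_PasswordResetOTP-SMS_CP" noaaa="0" >OTP_PIN_Reset_SMS</option>
<option value="Remediation_password" noaaa="0" >Remediate_Certificate_TAC</option>
</select>
<input type="submit" name="Login" value="Login" />
<input type="reset" name="Clear" value="Clear" />
</form>"""


def fields_for_group(form_xml, group):
    """Return (prompt, preset) for the chosen group.

    prompt: names of the inputs the UI should ask for, in form order.
    preset: fields the group's <option> fixes, so they are not shown.
    """
    form = ET.fromstring(form_xml)
    option = next((o for o in form.iter("option") if o.get("value") == group), None)
    if option is None:
        raise ValueError(f"unknown group {group!r}")
    group_second_auth = option.get("second-auth") == "1"
    prompt, preset = [], {}
    for inp in form.iter("input"):
        name = inp.get("name")
        if inp.get("type") in ("submit", "reset"):
            continue  # buttons are not credentials
        if inp.get("second-auth") == "1":
            if not group_second_auth:
                continue  # hide secondary fields for groups without second-auth
            # Assumed override semantics: NAME_editable="false" on the option
            # hides the field and keeps the option's NAME value as a preset.
            if option.get(name + "_editable") == "false":
                preset[name] = option.get(name, "")
                continue
        prompt.append(name)
    return prompt, preset
```
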