On Tue, 2017-04-18 at 09:09 -0400, Sean wrote: > Hi, > > Is there a way to configure the network-manager connection file to > pass the authgroup into openconnect? It ought to remember the authgroup that you last used, just as it remembers usernames. > I'm interested in switching from using a shell-script wrapper to run > openconnect as an unprivileged user to using the > NetworkManager-Openconnect hack discussed here: > https://bugzilla.redhat.com/show_bug.cgi?id=1218335, with PKCS#11 > authentication. > > It seems that when connecting to the vpn this way, the PKCS#11 card is > authenticated, then the GUI returns to a normal login page with an > Auth Group drop down.??If we select the group for smart card users, > and click login the things seem to work, but it's very confusing to > end-users.??(I manage a lot of linux desktops and laptops for > semi-linux saavy scientists). What happens when you select the 'smart card' authgroup? Does the username/password prompt go away, and leave you with *only* a login button? I suspect there are two problems here. Firstly, perhaps it isn't automatically switching to the remembered authgroup when initialising the dialog... and then you're probably going to complain about the fact that we don't auto-submit, and the user needs to manually press the 'login' button even when all the required information is present. There's an RFE bug for that somewhere in GNOME bugzilla already... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4938 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170419/2fd9d071/attachment.bin>