Not sure where the instructions are for the specific commit. Currently can't find those files after a recent fetch From: Daniel Lenski <dlenski at gmail.com> Sent: Friday, April 13, 2018 2:23 AM To: Luis l Cc: David Woodhouse; openconnect-devel Subject: Re: Openconnect - Palo Alto - Okta SSO / MFA ? On Wed, Apr 11, 2018 at 8:14 AM, Luis l <chelapa at hotmail.com> wrote: > > Thank you guys, I wasnt sure where to post it so any guidance would help. > > > So yes Okta / IDP = SSO = Multifactor Auth doesnt work > > > I saw that in the link i pasted they get presented with it, but if its still not an official release to OC then i will either wait or find another way for linux users to connect to vpn. which sucks bc i would rather use OC. Let me know what info is needed to maybe get this working. > > > thank you! Luis, Other users have reported similar issues with external authentication flows in GlobalProtect. They're all different, but what they all have in common is that the user goes through web-based authentication forms, and then at the end they get some kind of cookie ("portal-userauthcookie", "prelogin-cookie", etc.) which then needs to be used _in place of the normal password_ to login. Another user wrote some scripts to do the login with Okta, and I came up with a way to submit the resulting cookie. See this discussion and please give us feedback on whether the solution works for you: https://github.com/dlenski/openconnect/issues/98 -Dan