On Fri, Apr 13, 2018 at 8:31 AM, Luis l <chelapa at hotmail.com> wrote: > After digging around i THINK its a part of this? > > https://github.com/arthepsy/pan-globalprotect-okta/ > > I downloaded it added the totp of that moment, removed pw to prompt me instead of conf and i get the below from debug = 1. My "Guess" if this worked its to be used against the command i sent prior and piped into the openconnect cmd? > > --- > # status: > MFA_REQUIRED > --- > err: no factor url found Luis, I have a lot of trouble following your explanations here, but? yes, you need to figure out a way to generate the appropriate cookie and submit it to openconnect in place of the password, using the new mechanism that I added in the fun_with_cookies branch, as described on Github. I don't use Okta, can't use Okta, and know nothing about Okta. I do not have access to a GP VPN that uses this kind of authentication flow. So I cannot test the authentication scripts in any way. All I can do is provide a mechanism for openconnect to accept the cookie produced by the alternative authentication flows, and rely on users to tell me if it solves the problem. Dan
