Hi there! James Ralston wrote: > Does anyone have any advice or tips for getting openconnect to > navigate through a pre sign-in notification? > > We are legally required to use a pre sign-in notification for our > Pulse VPN service: > > https://corliss.sei.cmu.edu/ > > Unfortunately, openconnect doesn't seem to understand how to navigate > through the pre sign-in notification. Attempting to connect to the > Pulse VPN service yields this error message: > > Failed to find or parse web form in login page We have a somehow similar issue here where Smartcard auth is not done by the Pulse gateway, but some other Siemens-service which means OpenConnect needs to dive through three additional forms. For now, I use something like this: @@ -657,6 +665,14 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo) ret = -EINVAL; break; } + } else if (!strcmp(form_id, "login_PKI") || + !strcmp(form_id, "MessageAccept") || + !strcmp(form_id, "gaform")) { + form = parse_form_node(vpninfo, node, "btnSubmit"); + if (!form) { + ret = -EINVAL; + break; + } Plus deactivation of some sanity checks in handle_redirect() and process_auth_form_cb(). However, further HTML parsing in OpenConnect feels like the wrong solution, and http://www.infradead.org/openconnect/juniper.html seems to suggest other solutions ("full compatibility may require actually using a web browser to log in"). So we're thinking about implementing something similar like juniper-vpn.py from https://github.com/russdill/juniper-vpn-py which does our company-specific auth dance and then just calls openconnect with the DSID cookie... That said, finding a working PKCS#11 solution for Python turned out to be a non-trivial task... -- Gernot Hillier Siemens AG, Corporate Competence Center Embedded Linux
