Re: openconnect with SAML and GlobalProtect


 



(Grumble. Thunderbird really doesn't like plain text, my apologies if this
comes out poorly).

I guess I really just figured since I did the login dance already, I just
need to coerce openconnect (somehow) with the data in that XML file.

Perhaps I did not make this very clear in the original post: I actually
have this automated with some silly Python and zenity, so I was hoping the
last step would just be 'run openconnect passing this XML/data/whatever'.

OK, I'll take another look at the gp-saml-gui code to see how it performs
that last step, or uses the script.

Thanks, Michel

On 5/21/20 3:05 PM, Daniel Lenski wrote:
> Michel wrote:
>> - Go to https://vpn.example.com/global-protect/getconfig.esp, passing
>>   in the user=joe@xxxxxxxxxxx and prelogin-cookie=C4xyzzyxyzzy...
>>   which gives me a big XML file, which includes towards the end
>> <portal-userauthcookie>ABCAverylargestringindeed=</portal-userauthcookie>
>> <portal-prelogonuserauthcookie>empty</portal-prelogonuserauthcookie>
>> <scep-cert-auth-cookie>XyzzYAShorterstring==</scep-cert-auth-cookie>
>
> Quite honestly, count me as impressed that you managed to do the whole
> SAML authentication "by hand." (It's a confusing pain, isn't it?)
>
> Since you clearly know what you're doing here more than most users who
> attempt it, hopefully you'll be able to give us some insightful
> feedback on what does/doesn't work in the scripts that automate this…
> :-D
>
>> But now I'm stuck. What magic incarnation of the openconnect command line do I use now?
>
> OpenConnect doesn't (yet) have the ability to handle the SAML
> authentication by itself, so you need a helper script.
>
> I'm partial to https://github.com/dlenski/gp-saml-gui/ because (a) it
> can log what it's doing in a way that makes sense to the OpenConnect
> developers and (b) it uses the same output format as `openconnect
> --authenticate`, and (c) I wrote it, whence (a).
>
> There are several more GUI-friendly wrappers too. I'd recommend
> @yuezk's https://github.com/yuezk/GlobalProtect-openconnect
>
> -Dan
>


_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
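
An added example, not part of either message and not code from gp-saml-gui: one way a helper script could take the cookie out of the getconfig.esp XML and hand it to openconnect on stdin, so the credential never appears in the process argument list. The `<policy>` root element, the sample values, the function names, and the use of `--usergroup=portal:portal-userauthcookie` to name the cookie field are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the getconfig.esp reply quoted in the thread;
# the <policy> root and the cookie values are placeholders, not real data.
SAMPLE_GETCONFIG = """<policy>
  <portal-userauthcookie>ABCAverylargestringindeed=</portal-userauthcookie>
  <portal-prelogonuserauthcookie>empty</portal-prelogonuserauthcookie>
  <scep-cert-auth-cookie>XyzzYAShorterstring==</scep-cert-auth-cookie>
</policy>"""

# Cookie fields to look for, in order of preference (assumption).
COOKIE_FIELDS = ("portal-userauthcookie", "portal-prelogonuserauthcookie")


def extract_cookies(xml_text):
    """Return {field: value} for cookie fields that are present and usable."""
    root = ET.fromstring(xml_text)
    found = {}
    for field in COOKIE_FIELDS:
        node = next(root.iter(field), None)
        value = (node.text or "").strip() if node is not None else ""
        # The portal writes the literal word "empty" for an unset cookie.
        if value and value.lower() != "empty":
            found[field] = value
    return found


def build_invocation(host, user, xml_text):
    """Return (argv, stdin_data); the cookie goes on stdin, never in argv."""
    cookies = extract_cookies(xml_text)
    if not cookies:
        raise ValueError("no usable auth cookie in getconfig response")
    field, secret = next(iter(cookies.items()))
    argv = ["openconnect", "--protocol=gp", f"--user={user}",
            f"--usergroup=portal:{field}", "--passwd-on-stdin", host]
    return argv, secret + "\n"


if __name__ == "__main__":
    argv, stdin_data = build_invocation("vpn.example.com", "joe", SAMPLE_GETCONFIG)
    # To connect: subprocess.run(argv, input=stdin_data, text=True)
    print(" ".join(argv))
```

The cookie is a bearer credential for the VPN session, so keep it out of shell history, log output and temporary files as well as out of argv.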



