Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
GlobalProtect: query and parse prelogin.esp and use it to build auth …
…forms, including preliminary SAML support Until recently, I've believed the prelogin.esp to be useless, because the initial GlobalProtect login form always contains the same two fields: username and password. However, the prelogin response is also important for signalling when SAML login is required. When the VPN uses SAML login, the official GP clients redirect the user to a web-based authentication flow (e.g. Okta, dlenski/openconnect#116). That auth flow eventually sends the official client back to the GP VPN, armed with a special cookie field, `portal-userauthcookie` or `prelogin-cookie`, that needs to be submitted in place of the password (already supported by openconnect as of 8b2bc5f). This preliminary SAML support simply includes the SAML method and URL in the form banner, and fails with an error message if the cookie field name was not specified (since it cannot be autodetected). Signed-off-by: Daniel Lenski <dlenski@gmail.com>
- Loading branch information
Showing
2 changed files
with
189 additions
and
66 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters