• Daniel Lenski's avatar
    GlobalProtect: query and parse prelogin.esp and use it to build auth forms,... · 3e91f7bf
    Daniel Lenski authored
    GlobalProtect: query and parse prelogin.esp and use it to build auth forms, including preliminary SAML support
    
    Until recently, I've believed the prelogin.esp to be useless, because the
    initial GlobalProtect login form always contains the same two fields:
    username and password.
    
    However, the prelogin response is also important for signalling when SAML
    login is required.  When the VPN uses SAML login, the official GP clients
    redirect the user to a web-based authentication flow (e.g.  Okta,
    https://github.com/dlenski/openconnect/issues/116).
    
    That auth flow eventually sends the official client back to the GP VPN,
    armed with a special cookie field, `portal-userauthcookie` or
    `prelogin-cookie`, that needs to be submitted in place of the password
    (already supported by openconnect as of 8b2bc5f2).
    
    This preliminary SAML support simply includes the SAML method and URL in the
    form banner, and fails with an error message if the cookie field name was
    not specified (since it cannot be autodetected).
    Signed-off-by: default avatarDaniel Lenski <dlenski@gmail.com>
    3e91f7bf
Name
Last commit
Last update
android Loading commit data...
java Loading commit data...
m4 Loading commit data...
po Loading commit data...
tests Loading commit data...
www Loading commit data...
.gitignore Loading commit data...
.gitlab-ci.yml Loading commit data...
AUTHORS Loading commit data...
COPYING.LGPL Loading commit data...
Makefile.am Loading commit data...
README.DTLS Loading commit data...
README.TESTS Loading commit data...
TODO Loading commit data...
acinclude.m4 Loading commit data...
auth-common.c Loading commit data...
auth-globalprotect.c Loading commit data...
auth-juniper.c Loading commit data...
auth.c Loading commit data...
autogen.sh Loading commit data...
compat.c Loading commit data...
config.rpath Loading commit data...
configure.ac Loading commit data...
csd-post.sh Loading commit data...
csd-wrapper.sh Loading commit data...
cstp.c Loading commit data...
digest.c Loading commit data...
dtls.c Loading commit data...
esp-seqno.c Loading commit data...
esp.c Loading commit data...
gnutls-dtls.c Loading commit data...
gnutls-esp.c Loading commit data...
gnutls.c Loading commit data...
gnutls.h Loading commit data...
gnutls_tpm.c Loading commit data...
gpst.c Loading commit data...
gssapi.c Loading commit data...
hipreport.sh Loading commit data...
http-auth.c Loading commit data...
http.c Loading commit data...
iconv.c Loading commit data...
jni.c Loading commit data...
libopenconnect.map.in Loading commit data...
library.c Loading commit data...
lzo.c Loading commit data...
lzo.h Loading commit data...
lzs.c Loading commit data...
main.c Loading commit data...
mainloop.c Loading commit data...
ntlm.c Loading commit data...
oath.c Loading commit data...
oncp.c Loading commit data...
openconnect-internal.h Loading commit data...
openconnect.8.in Loading commit data...
openconnect.h Loading commit data...
openconnect.ico Loading commit data...
openconnect.pc.in Loading commit data...
openconnect.rc Loading commit data...
openssl-dtls.c Loading commit data...
openssl-esp.c Loading commit data...
openssl-pkcs11.c Loading commit data...
openssl.c Loading commit data...
script.c Loading commit data...
ssl.c Loading commit data...
sspi.c Loading commit data...
stoken.c Loading commit data...
tncc-wrapper.py Loading commit data...
tun-win32.c Loading commit data...
tun.c Loading commit data...
version.sh Loading commit data...
win32-ipicmp.h Loading commit data...
xml.c Loading commit data...
yubikey.c Loading commit data...