XML Post not working on 5.01

David Woodhouse dwmw2 at infradead.org
Wed Jun 19 09:27:53 EDT 2013 

On Sat, 2013-06-15 at 17:16 -0700, Kevin Cernekee wrote:
> One thing that (lib)openconnect could do to work around this is to
> prompt the user for just the group first, then after he hits submit,
> prompt for the remaining form fields (skipping the group dropdown).
> Are you willing to be the guinea pig?

We have a similar issue if we want to correctly handle things like the
following form (seen on a non-aggregate-auth server):

<form method="post" action="/+webvpn+/index.html">
 <input type="text" name="username" label="Username:" />
 <input type="password" name="password" label="Password:" />
 <input type="text" name="secondary_username" label="Username:" second-auth="1" />
 <input type="password" name="secondary_password" label="Password:" second-auth="1" />
 <select name="group_list" label="GROUP:">
  <option value="All_PasswordResetOTP-Pledge_CP" secondary_username="" secondary_username_editable="false" second-auth="1" noaaa="0" >OTP_PIN_Reset_Pledge</option>
  <option value="All_PasswordResetOTP-SMS_CP" noaaa="0" >OTP_PIN_Reset_SMS</option>
  <option value="Remediation_password" noaaa="0" >Remediate_Certificate_TAC</option>
 </select>
 <input type="submit" name="Login" value="Login" />
 <input type="reset" name="Clear" value="Clear" />
</form>

In this case I think the expected behaviour is that the 'secondary_username'
and 'secondary_password' fields should be hidden unless a group with
'second-auth' property is chosen. And then of course you can see the
override which is used to *hide* the secondary username in this case;
it's only used for a second *password*.

I think this requires a change to the libopenconnect control flow — I'm
thinking of a callback into libopenconnect when the auth group is
changed, which then returns a *new* form for the UI to display. Or at
least new fields other than the group.

That should work for the command-line tool too as long as it asks for
the group *first*. Which I think it already does.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130619/b68e3ea4/attachment.bin>

More information about the openconnect-devel mailing list