free choice of authgroups

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue May 20 00:07:05 PDT 2014


On Mon, 2014-05-19 at 07:59 -0700, Kevin Cernekee wrote:

> On Cisco this could be done through a group-url.  So instead of
> entering a bare hostname, the user would enter something like
> "https://vpn.foo.com/my-group-url".  The group-url namespace is
> separate from the authgroup names used in the dropdown list, and so it
> can include hidden groups.
> More recently we also saw a case where fields in the client cert were
> used to select the group.

Couldn't openconnect set the group-select xml tag if --authgroup is
specified on command line? Is there an issue if that's implemented? That
will allow the user to specify a group using the same method even if a
list isn't presented.

regards,
Nikos





More information about the openconnect-devel mailing list