Authgroup, PKCS#11 and nm-openconnect...

David Woodhouse dwmw2 at infradead.org
Wed Apr 19 02:49:50 PDT 2017


On Tue, 2017-04-18 at 09:09 -0400, Sean wrote:
> Hi,
> 
> Is there a way to configure the network-manager connection file to
> pass the authgroup into openconnect?

It ought to remember the authgroup that you last used, just as it
remembers usernames.

> I'm interested in switching from using a shell-script wrapper to run
> openconnect as an unprivileged user to using the
> NetworkManager-Openconnect hack discussed here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1218335, with PKCS#11
> authentication.
> 
> It seems that when connecting to the vpn this way, the PKCS#11 card is
> authenticated, then the GUI returns to a normal login page with an
> Auth Group drop down.  If we select the group for smart card users,
> and click login, things seem to work, but it's very confusing to
> end-users.  (I manage a lot of Linux desktops and laptops for
> semi-Linux-savvy scientists).

What happens when you select the 'smart card' authgroup? Does the
username/password prompt go away, and leave you with *only* a login
button?

I suspect there are two problems here. Firstly, perhaps it isn't
automatically switching to the remembered authgroup when initialising
the dialog... and then you're probably going to complain about the fact
that we don't auto-submit, and the user needs to manually press the
'login' button even when all the required information is present.
There's an RFE bug for that somewhere in GNOME bugzilla already...

More information about the openconnect-devel mailing list